From e11199d9cf45efcd52505da90c5430646de4ea26 Mon Sep 17 00:00:00 2001

From: David Maciejak <david.maciejak@gmail.com>

Date: Tue, 30 Sep 2014 15:51:31 +0800

Subject: [PATCH] wmaker: fix arbitrary shell command injection

Workspace background pref can be tricked to run arbitrary cmds.

---

 src/defaults.c |   16 ++++++++++------

 1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/defaults.c b/src/defaults.c

index 6ca7f3f..105114b 100644

--- a/src/defaults.c

+++ b/src/defaults.c

@@ -3097,13 +3097,17 @@ static int setWorkspaceBack(WScreen * scr, WDefaultEntry * entry, void *tdata, v

 		len = strlen(text) + 40;

 		command = wmalloc(len);

 		dither = wPreferences.no_dithering ? "-m" : "-d";

-		if (wPreferences.smooth_workspace_back)

-			snprintf(command, len, "wmsetbg %s -S -p '%s' &", dither, text);

-		else

-			snprintf(command, len, "wmsetbg %s -p '%s' &", dither, text);

+		if (!strstr(text, "\'") && !strstr(text, "\\")) {

+			command = wmalloc(len);

+			if (wPreferences.smooth_workspace_back)

+				snprintf(command, len, "wmsetbg %s -S -p '%s' &", dither, text);

+			else

+				snprintf(command, len, "wmsetbg %s -p '%s' &", dither, text);

+			ExecuteShellCommand(scr, command);

+			wfree(command);

+		} else

+			wwarning(_("Invalid arguments for background \"%s\""), text);

 		wfree(text);

-		ExecuteShellCommand(scr, command);

-		wfree(command);

 	}

 	WMReleasePropList(value);

-- 

1.7.6.6.GIT