From e11199d9cf45efcd52505da90c5430646de4ea26 Mon Sep 17 00:00:00 2001
From: David Maciejak <david.maciejak@gmail.com>
Date: Tue, 30 Sep 2014 15:51:31 +0800
Subject: [PATCH] wmaker: fix arbitrary shell command injection
Workspace background pref can be tricked to run arbitrary cmds.
---
src/defaults.c | 16 ++++++++++------
1 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/defaults.c b/src/defaults.c
index 6ca7f3f..105114b 100644
--- a/src/defaults.c
+++ b/src/defaults.c
@@ -3097,13 +3097,17 @@ static int setWorkspaceBack(WScreen * scr, WDefaultEntry * entry, void *tdata, v
len = strlen(text) + 40;
command = wmalloc(len);
dither = wPreferences.no_dithering ? "-m" : "-d";
- if (wPreferences.smooth_workspace_back)
- snprintf(command, len, "wmsetbg %s -S -p '%s' &", dither, text);
- else
- snprintf(command, len, "wmsetbg %s -p '%s' &", dither, text);
+ if (!strstr(text, "\'") && !strstr(text, "\\")) {
+ command = wmalloc(len);
+ if (wPreferences.smooth_workspace_back)
+ snprintf(command, len, "wmsetbg %s -S -p '%s' &", dither, text);
+ else
+ snprintf(command, len, "wmsetbg %s -p '%s' &", dither, text);
+ ExecuteShellCommand(scr, command);
+ wfree(command);
+ } else
+ wwarning(_("Invalid arguments for background \"%s\""), text);
wfree(text);
- ExecuteShellCommand(scr, command);
- wfree(command);
}
WMReleasePropList(value);
--
1.7.6.6.GIT