bug#66390: `man' allows to inject arbitrary shell code

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66390: `man' allows to inject arbitrary shell code

From:	Andreas Schwab
Subject:	bug#66390: `man' allows to inject arbitrary shell code
Date:	Tue, 10 Oct 2023 18:21:34 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

On Okt 10 2023, lux wrote:

> +        ;; see Bug#66390
> +     (mapconcat 'identity
> +                   (mapcar #'shell-quote-argument
> +                           (split-string ref " "))

You need to split on arbitrary sequences of whitespace to not introduce
spurious empty arguments.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

[Prev in Thread]

Current Thread

[Next in Thread]

bug#66390: `man' allows to inject arbitrary shell code, (continued)

Prev by Date: bug#66247: 29.1; Transient frame problems with Emacs 29 on MS Windows
Next by Date: bug#66416: 29.1; Crashes when visiting HELLO file with pgtk on Wayland
Previous by thread: bug#66390: `man' allows to inject arbitrary shell code
Next by thread: bug#66390: `man' allows to inject arbitrary shell code
Index(es):
- Date
- Thread