author | Kevin McCarthy <kevin@8t8.us> | 2019-06-22 14:57:36 -0700 |
---|---|---|
committer | Kevin McCarthy <kevin@8t8.us> | 2019-06-22 14:57:36 -0700 |
commit | 840b813fa27fafa7fe43e41e227a3331156c0d9b (patch) | |
tree | b5e39cf939bed84a8e0e1313268fd79e31eb9ffb | |
parent | a99a75b7ab1f52b83a69c40a3ff67833bcbb38ba (diff) |
Make sure mailcap test %s is sanitized.
It's not clear to me if %s is allowed as part of a test field.
However since we are passing the attachment filename, we should
sanitize it first.
-rw-r--r-- | rfc1524.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -322,13 +322,19 @@ static int rfc1524_mailcap_parse (BODY *a, */ char *test_command = NULL; BUFFER *command = NULL; + BUFFER *afilename = NULL; if (get_field_text (field + 4, &test_command, type, filename, line) && test_command) { command = mutt_buffer_pool_get (); + afilename = mutt_buffer_pool_get (); mutt_buffer_strcpy (command, test_command); - mutt_rfc1524_expand_command (a, a->filename, type, command); + if (option (OPTMAILCAPSANITIZE)) + mutt_buffer_sanitize_filename (afilename, NONULL(a->filename), 1); + else + mutt_buffer_strcpy (afilename, NONULL(a->filename)); + mutt_rfc1524_expand_command (a, mutt_b2s (afilename), type, command); if (mutt_system (mutt_b2s (command))) { /* a non-zero exit code means test failed */ @@ -336,6 +342,7 @@ static int rfc1524_mailcap_parse (BODY *a, } FREE (&test_command); mutt_buffer_pool_release (&command); + mutt_buffer_pool_release (&afilename); } } } /* while (ch) */ |
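Review bot: In the `else` branch the attachment filename is copied unsanitized into the value that `mutt_rfc1524_expand_command` substitutes for `%s`, and the expanded command is then run through `mutt_system`, so with `OPTMAILCAPSANITIZE` unset the only remaining protection is whatever quoting the expansion applies, which this hunk does not show. If that quoting is the intended guarantee, state it where the branch is taken, for example `/* sanitize disabled: %s is still shell-quoted by mutt_rfc1524_expand_command() */`, after confirming it holds for test fields as well as view commands. The bare `1` passed to `mutt_buffer_sanitize_filename` also deserves a short comment naming what the flag selects; if it replaces `/` as well, a path-valued `a->filename` would no longer name the real file inside the test command, which is worth checking. rfc1524_mailcap_parse begins and ends outside the hunk.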