Commit cd69b6c0 authored by Guilhem Moulin's avatar Guilhem Moulin

gpg-key2ps: Fix shell injection vulnerability in UIDs rendering.

parent 8776a7fa
signing-party (2.10-1) UNRELEASED; urgency=high
* gpg-key2ps: Fix shell injection vulnerability in UIDs rendering.
(Closes: #928256.)
-- Guilhem Moulin <guilhem@debian.org> Tue, 30 Apr 2019 19:47:04 +0200
signing-party (2.9-1) unstable; urgency=medium
* gpglist:
......
......@@ -9,6 +9,7 @@
#
use strict;
use Encode ();
use Getopt::Long;
my $version = '@@VERSION@@';
......@@ -267,7 +268,7 @@ while(<GPG>) {
}
# user ids
s/\\x(\p{AHex}{2})/ chr(hex($1)) /ge;
$_ = `echo "$_" | iconv -c -f utf-8 -t latin1`;
$_ = Encode::encode("latin1", Encode::decode_utf8($_));
s/^uid:[^:r]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]*):.*/ ($1) uid/;
# revoked user id
if (s/^uid:r[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]*):.*/ ($1) revuid/) {
......
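Review bot: `Encode::encode("latin1", Encode::decode_utf8($_))` is called without a CHECK argument, so characters with no Latin-1 mapping are replaced by `?`, whereas the removed `iconv -c` dropped them; UIDs written in other scripts will now render as runs of question marks. If the previous output is wanted, pass a callback, e.g. `Encode::encode("latin1", Encode::decode_utf8($_), sub { "" })`. A short comment above the line, such as `# transcode in-process: UID text comes from the key and must never reach a shell`, would help keep a later edit from reintroducing the pipe. The transcoded UID is then wrapped in `( … )` by the substitutions that follow; the hunk does not show whether `(`, `)` and `\` in the UID are escaped for PostScript elsewhere, which is worth confirming because the enclosing `while(<GPG>)` body extends beyond the hunk.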