Last active
August 29, 2015 14:10
-
-
Save ss23/8d70d4363532ba7c9153 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This routine is unnecessary, but people ask for such things. | |
| * | |
| * Maybe man is suid or sgid to some user that owns the cat directories. | |
| * Maybe NLSPATH can be manipulated by the user - even though | |
| * modern glibc avoids using environment variables when the | |
| * program is suid or sgid. | |
| * So, maybe the string s that we are returning was user invented | |
| * and we have to avoid %n and the like. | |
| * | |
| * As a random hack, only allow %s,%d,%o, and only two %-signs. | |
| */ | |
| static int | |
| is_suspect (char *s) { | |
| int ct = 0; | |
| while (*s) { | |
| if (*s++ == '%') { | |
| ct++; | |
| if (*s != 's' && *s != 'd' && *s != 'o') | |
| return 1; | |
| } | |
| } | |
| return (ct > 2); | |
| } | |
| static char * | |
| getmsg (int n) { | |
| char *s = ""; | |
| catinit (); | |
| if (catfd != (nl_catd) -1) { | |
| s = catgets(catfd, 1, n, ""); | |
| if (*s && is_suspect(s)) | |
| s = ""; | |
| } | |
| if (*s == 0 && 0 < n && n <= MAXMSG) | |
| s = msg[n]; | |
| if (*s == 0) { | |
| fprintf(stderr, | |
| "man: internal error - cannot find message %d\n", n); | |
| exit (1); | |
| } | |
| return s; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment