author | Josh Rickmar <jrick@devio.us> | 2012-06-04 10:44:08 -0400 |
---|---|---|
committer | Josh Rickmar <jrick@devio.us> | 2012-06-15 13:33:37 -0400 |
commit | bc435aaddae36051fa8fff0390d35fb6bd390468 (patch) | |
tree | bff182e13f7ac4b7501651dc351068adaa5bb972 /about.c | |
parent | c7e96918621b358af82976835b840fc411a7a865 (diff) | |
download | xombrero-bc435aaddae36051fa8fff0390d35fb6bd390468.tar.gz |
Replace "%s" in alias and search_string manually with the encoded
replacement instead of relying on a correct format string. This prevents directly passing a user-defined format string as the first arg to a printf-style function and avoids the format string exploit.
Diffstat (limited to 'about.c')
-rw-r--r-- | about.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/about.c b/about.c
index 5c69a40..f122817 100644
--- a/about.c
+++ b/about.c
@@ -826,6 +826,7 @@ xtp_handle_sl(struct tab *t, uint8_t cmd, int arg)
 char delim[3] = { '\0', '\0', '\0' };
 char *line, *lt, *enc_search, *uri;
 char *contents, *tmp;
+ char **sv;
 switch (cmd) {
 case XT_XTP_SL_SET:
@@ -882,9 +883,11 @@ xtp_handle_sl(struct tab *t, uint8_t cmd, int arg)
 search = gtk_entry_get_text(GTK_ENTRY(t->search_entry)); /* static */
 enc_search = soup_uri_encode(search, XT_RESERVED_CHARS);
- uri = g_strdup_printf(search_string, enc_search);
+ sv = g_strsplit(search_string, "%s", 2);
+ uri = g_strjoinv(enc_search, sv);
 load_uri(t, uri);
 g_free(enc_search);
+ g_strfreev(sv);
 g_free(uri);
 } |
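Review bot: In the second hunk, `g_strsplit(search_string, "%s", 2)` replaces only the first `%s`, and when the configured search_string holds no `%s` at all the one-element vector makes `g_strjoinv()` return the template unchanged, so the encoded query is dropped without any message. A guard such as `if (sv == NULL || sv[0] == NULL || sv[1] == NULL)` before the join would let the caller report a malformed search_string instead of loading a URI that lacks the query; the NULL case matters only if search_string can be unset at this point, which the hunk does not show. Because the purpose of the change is that a user-controlled setting must never be the format argument of a printf-style call, a comment above the split saying so (`/* search_string is user config: substitute "%s" by hand, never pass it as a format */`) would keep a later cleanup from going back to `g_strdup_printf()`. Templates that were written with `%%` to survive the old printf call will now keep both percent signs, which deserves a line in the documentation of the setting. The enclosing function starts and ends outside the hunk.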