author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2022-08-04 16:20:56 +0000 |
---|---|---|
committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2022-08-04 16:20:56 +0000 |
commit | f8de4e03e9263e39d03455845ec2fc51fd99c6c7 (patch) | |
tree | 50d79817df3f6761b892a5457ad4f5db9b08f835 | |
parent | 7657109a65938fa16b717662fafd2bdd12fb0b0d (diff) | |
Validate size parameter is a number (to prevent shell injection problems)
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4393 9d0c8265-081b-0410-96cb-a4ca84ce46f8
-rw-r--r-- | doc/HISTORY | 6 | ||||
-rwxr-xr-x | editor/pnmmargin | 7 |
2 files changed, 12 insertions, 1 deletions
diff --git a/doc/HISTORY b/doc/HISTORY index 7c608233..08acb109 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -21,7 +21,11 @@ not yet BJH Release 11.00.00 ppmtoicr: make -rle option issue an error message saying it no longer exists (it did, sort of, before 2015). - pnmindex: fix shell injection vulnerabilities. + pnmindex: fix shell injection vulnerabilities. Broken since + Netpbm 10.28 (June 2005). + + pnmmargin: fix shell injection vulneraibility. Always broken + (Program was added in primordial Netpbm in 1990). 22.06.24 BJH Release 10.99.00 diff --git a/editor/pnmmargin b/editor/pnmmargin index 6b30c074..cfc5256e 100755 --- a/editor/pnmmargin +++ b/editor/pnmmargin @@ -67,6 +67,13 @@ fi size="$1" shift +case $size in + ''|*[!0-9]*) + echo "Size argument '$size' is not a whole number" + exit 1 + ;; +esac + if [ ${2-""} ] ; then echo "usage: $0 [-white|-black|-color <colorspec>] <size> [pnmfile]" 1>&2 exit 1 |
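Review bot: "vulneraibility" in the added pnmmargin entry of doc/HISTORY is a misspelling of "vulnerability"; the pnmindex entry two lines above it spells the word correctly. Since the commit message says the problem is in the size parameter, the entry could also say so (for example "fix shell injection vulnerability via the size argument"), so a reader of the release notes knows which input was affected.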
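Review bot: The new error message in editor/pnmmargin, `echo "Size argument '$size' is not a whole number"`, goes to standard output, whereas the usage message in the unchanged context right below it is redirected with `1>&2`. Add the same redirection so the diagnostic does not end up in whatever consumes the script's standard output. The `''|*[!0-9]*` pattern itself rejects both the empty string and any value containing a non-digit character, which is what the commit message asks for; a short comment above the `case` saying that `$size` is later used in a shell command and must therefore be digits only would keep a future edit from loosening it.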