Security patch for kdeprintfax

Olaf Jan Schmidt olaf at amen-online.de
Sat Dec 7 00:07:39 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I have a bug fix for a small security problem in kdeprintfax.

Variables are always replaced with quoted values, even if they are already 
in quotes. The result is that the variables will be unquoted, leading to 
a small security hole.

I don't think there are any real possibilities to exploit this, but it can 
do no harm to fix this by unquoting all variables that are within quotes.

I copied the patch from another application where we had the same problem; 
I am quite new to KDE programming and not totally sure I applied the 
patch correctly. Could someone please check whether everything is OK?

I'm not subscribed to kde-core-devel, so please CC me if you have any 
remarks or if you wish me to commit this.

Olaf.

- -- 
Olaf Jan Schmidt, KDE Accessibility Project

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj3xO8wACgkQoLYC8AehV8ebZACgnWncnxbL0StD9zDPzqqAguC4
t/EAoN3c7Nvr7c3+JUSAf0PeeCCZmiaS
=iONu
-----END PGP SIGNATURE-----





More information about the kde-core-devel mailing list