kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Quote arguments to shell when sending email 

Note that the function switch_util_quote_shell_arg is implemented
incorrectly for unix shells, so this is still not safe until that
function is fixed.

Reported-by: Nathan Neulinger <nneul@mst.edu>

FS-5450 --resolve
This commit is contained in:
Travis Cross 2013-05-26 01:27:16 +00:00
parent 8f10ff073a
commit 04c3b913aa
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/switch_utils.c
View File

@ -920,11 +920,17 @@ SWITCH_DECLARE(switch_bool_t) switch_simple_email(const char *to,
if (zstr(from)) {
from = "freeswitch";
}
{
char *to_arg = switch_util_quote_shell_arg(to);
char *from_arg = switch_util_quote_shell_arg(from);
#ifdef WIN32
switch_snprintf(buf, B64BUFFLEN, "\"\"%s\" -f %s %s %s < \"%s\"\"", runtime.mailer_app, from, runtime.mailer_app_args, to, filename);
switch_snprintf(buf, B64BUFFLEN, "\"\"%s\" -f %s %s %s < \"%s\"\"", runtime.mailer_app, from_arg, runtime.mailer_app_args, to_arg, filename);
#else
switch_snprintf(buf, B64BUFFLEN, "/bin/cat %s | %s -f %s %s %s", filename, runtime.mailer_app, from, runtime.mailer_app_args, to);
switch_snprintf(buf, B64BUFFLEN, "/bin/cat %s | %s -f %s %s %s", filename, runtime.mailer_app, from_arg, runtime.mailer_app_args, to_arg);
#endif
switch_safe_free(to_arg); switch_safe_free(from_arg);
}
if (switch_system(buf, SWITCH_TRUE) < 0) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Unable to execute command: %s\n", buf);
err = "execute error";