diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2022-07-19 00:10:55 +0300 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2022-07-19 00:10:55 +0300 |
commit | a648978b20495b7aa4a8b029c5a810b5ad9d08ff (patch) | |
tree | 065748cd674294411531177366ffcaa0ccec261d /src/scripts/xzgrep.in | |
parent | xzgrep: Use grep -H --label when available (GNU, *BSDs). (diff) | |
download | xz-a648978b20495b7aa4a8b029c5a810b5ad9d08ff.tar.xz |
xzgrep: Make the fix for ZDI-CAN-16587 more robust.
I don't know if this can make a difference in the real world
but it looked kind of suspicious (what happens with sed
implementations that cannot process very long lines?).
At least this commit shouldn't make it worse.
Diffstat (limited to '')
-rw-r--r-- | src/scripts/xzgrep.in | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in index dd0643d6..78f5bd31 100644 --- a/src/scripts/xzgrep.in +++ b/src/scripts/xzgrep.in @@ -223,7 +223,10 @@ for i; do case $i in (*' '* | *'&'* | *'\'* | *'|'*) - i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; + # If sed fails, set i to a known safe string to ensure that + # failing sed didn't create a half-escaped dangerous string. + i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/') || + i='(unknown filename):';; esac # $i already ends with a colon so don't add it here. |