From a648978b20495b7aa4a8b029c5a810b5ad9d08ff Mon Sep 17 00:00:00 2001
From: Lasse Collin
Date: Tue, 19 Jul 2022 00:10:55 +0300
Subject: xzgrep: Make the fix for ZDI-CAN-16587 more robust.

I don't know if this can make a difference in the real world but it looked kind of suspicious (what happens with sed implementations that cannot process very long lines?). At least this commit shouldn't make it worse.
---
 src/scripts/xzgrep.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
index dd0643d6..78f5bd31 100644
--- a/src/scripts/xzgrep.in
+++ b/src/scripts/xzgrep.in
@@ -223,7 +223,10 @@ for i; do
 case $i in
 (*' '* | *'&'* | *'\'* | *'|'*)
- i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
+ # If sed fails, set i to a known safe string to ensure that
+ # failing sed didn't create a half-escaped dangerous string.
+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/') ||
+ i='(unknown filename):';;
 esac
 # $i already ends with a colon so don't add it here.
-- 
cgit v1.2.3
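Review bot: The `||` fallback on the new assignment only fires when the command substitution returns non-zero, which here is the exit status of `sed` as the last command in the pipeline. A sed that truncates or drops an over-long line but still exits 0, which is the case the commit message worries about, would leave `i` holding whatever partial output it produced. Since the trailing context comment says `$i` already ends with a colon, a cheap shape check after the assignment would catch an empty or tail-truncated result: `case $i in (*:) ;; (*) i='(unknown filename):';; esac`. This would not detect damage in the middle of the string, and whether any real sed behaves this way is unverified, so treat it as defence in depth. The enclosing `for` loop starts and ends outside the hunk, so how `$i` is consumed afterwards is not visible here.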