Hi,
* Uli <tobespam...@web.de> [2009-02-07 17:23]:
> I read some man pages, looked at the source code and came up with the attached
> patch. I noticed that options.c has a function (addExecToCommand()) that
> creates a copy of the locker command line if it doesn't contain any
> semicolons.
> This means I only ran into this bug, because my locker contains semicolons!
> 
> I patched this function to just always unconditionally copy the string and to
> never prepend the locker with 'exec', because stuff like 'a & b', 'a || b' etc
> isn't handled. I doubt this will cause any problems, but feel free to come up
> with a different fix.
> 
> With this patch applied, valgrind doesn't complain about wrong memory usages
> anymore.
> 
> Uli
> 
> P.S.: Thanks to Patrick Matthäi for helping me with this bug mail. CC'd security
> on his advice, blame him. ;)

I don't think this justifies a security update by the 
security team but please make sure this fix gets into lenny.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
