Prevent an injection attack in passing untrusted options to substituters
This commit is contained in:
parent
90d9c58d4d
commit
eb7849e3a2
1 changed files with 4 additions and 0 deletions
|
@ -188,6 +188,10 @@ string Settings::pack()
|
|||
{
|
||||
string s;
|
||||
foreach (SettingsMap::iterator, i, settings) {
|
||||
if (i->first.find('\n') != string::npos ||
|
||||
i->first.find('=') != string::npos ||
|
||||
i->second.find('\n') != string::npos)
|
||||
throw Error("illegal option name/value");
|
||||
s += i->first; s += '='; s += i->second; s += '\n';
|
||||
}
|
||||
return s;
|
||||
|
|
Loading…
Reference in a new issue