Apply patch from Debian Security Team for CAN-2004-1184.

[enscript.git] / src / main.c

diff --git a/src/main.c b/src/main.c
index 6f296cf..48c42fb 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -1544,9 +1544,13 @@ name             width\theight\tllx\tlly\turx\tury\n\
       buffer_append (&cmd, intbuf);
       buffer_append (&cmd, " ");
 
-      buffer_append (&cmd, "-Ddocument_title=\"");
-      buffer_append (&cmd, title);
-      buffer_append (&cmd, "\" ");
+      buffer_append (&cmd, "-Ddocument_title=\'");
+      if ((cp = shell_escape (title)) != NULL)
+       {
+         buffer_append (&cmd, cp);
+         free (cp);
+       }
+      buffer_append (&cmd, "\' ");
 
       buffer_append (&cmd, "-Dtoc=");
       buffer_append (&cmd, toc ? "1" : "0");
@@ -1563,8 +1567,14 @@ name             width\theight\tllx\tlly\turx\tury\n\
       /* Append input files. */
       for (i = optind; i < argc; i++)
        {
-         buffer_append (&cmd, " ");
-         buffer_append (&cmd, argv[i]);
+         char *cp;
+         if ((cp = shell_escape (argv[i])) != NULL)
+           {
+             buffer_append (&cmd, " \'");
+             buffer_append (&cmd, cp);
+             buffer_append (&cmd, "\'");
+             free (cp);
+           }
        }
 
       /* And do the job. */
@@ -1625,7 +1635,7 @@ name             width\theight\tllx\tlly\turx\tury\n\
                                 buffer_ptr (opts), buffer_len (opts));
            }
 
-         buffer_append (&buffer, " \"%s\"");
+         buffer_append (&buffer, " \'%s\'");
 
          input_filter = buffer_copy (&buffer);
          input_filter_stdin = "-";