From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 21 Mar 2024 11:16:20 +0100
Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]

Let's use for all cases the same output function.

Reported-by: Skyler Ferrante <sjf5462@rit.edu>
Signed-off-by: Karel Zak <kzak@redhat.com>

CVE: CVE-2024-28085

Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253]

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
 term-utils/wall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/term-utils/wall.c b/term-utils/wall.c
index 85c006a..0212c03 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
		int i;

		for (i = 0; i < mvecsz; i++) {
-			fputs(mvec[i], fs);
+			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
			if (i < mvecsz - 1)
				fputc(' ', fs);
		}
--
2.40.0