elm Bug 1


Elm version: 2.5 PL6
Operating System: Linux 2.6.8-3-686
Reported: 2007-10-03

I know, I know. 'elm' is a ridiculously old mailer. But I love it, and 'mutt' is on crack, near as I can tell.

I'm surprised, though, that I never saw this bug before. If you try to attach a file that has a space in it, elm croaks with an error message about mencoder.

Clearly what is happening is that elm is calling mencoder without quoting the args (probably by using a single string for a system() call).

Oops!

Sadly, though, this doesn't seem to open up the security hole that it would if elm was written in perl. Attempts to attach a file with the name of "file;command" only cause elm to die with:

Received Floating Point Exception signal!
Emergency exit taken!