--- bluez-utils-2.4/hcid/security.c.can-2005-2547 2003-07-24 11:34:34.000000000 -0600 +++ bluez-utils-2.4/hcid/security.c 2005-08-24 10:14:53.232585307 -0600 @@ -33,8 +33,8 @@ #include <syslog.h> #include <errno.h> #include <time.h> -#include <fcntl.h> -#include <time.h> +#include <malloc.h> +#include <ctype.h> #include <sys/ioctl.h> #include <sys/socket.h> @@ -227,9 +227,9 @@ static void call_pin_helper(int dev, struct hci_conn_info *ci) { pin_code_reply_cp pr; - char addr[12], str[255], *pin, name[20]; + char addr[18], str[512], *pin, name[249], tmp[497], *ptr; FILE *pipe; - int len; + int i, ret, len; /* Run PIN helper in the separate process */ switch (fork()) { @@ -250,11 +250,28 @@ name[0] = 0; //hci_remote_name(dev, &ci->bdaddr, sizeof(name), name, 0); + + memset(tmp, 0, sizeof(tmp)); + ptr = tmp; + + for (i = 0; i < 248 && name[i]; i++) + if (isprint(name[i])) { + switch (name[i]) { + case '"': + case '`': + case '$': + case '\\': + *ptr++ = '\\'; + } + *ptr++ = name[i]; + } else + *ptr++ = '.'; + ba2str(&ci->bdaddr, addr); - sprintf(str, "%s %s %s \'%s\'", hcid.pin_helper, - ci->out ? "out" : "in", - addr, name); + snprintf(str, sizeof(str), "%s %s %s \"%s\"", hcid.pin_helper, + ci->out ? "out" : "in", addr, tmp); + setenv("PATH", "/bin:/usr/bin:/usr/local/bin", 1);