Vladimir B. Grebenschikov wrote: > В ср, 17.12.2003, в 00:25, Dag-Erling Smørgrav пишет: >>"Vladimir B. Grebenschikov" <vova_at_fbsd.ru> writes: >> >>>Do you know why pkg_add threat character \' as invalid ? > > Looking source shows that pkg_add construct one striing for system(3) > and populate this string with filenames in ' > > add_count = snprintf(&perm_args[perm_count], maxargs - perm_count, > "'%s' ", p->name); > > #define PUSHOUT(todir) /* push out string */ \ > if (where_count > (int)sizeof(STARTSTRING)-1) { \ > strcat(where_args, "|tar --unlink -xpf - -C "); \ > strcat(where_args, todir); \ > if (system(where_args)) { \ Yet another reason I'm building a tar-handling library for my pkg_add rewrite; system(3) brings along too many headaches with shell escaping. This can be fixed in the current pkg_add, though it's not pretty. Here's a quick sketch of code that could replace the 'snprintf' above: char * filename; int i,j,badcount; /* Count "bad" chars that need escaping */ badcount = 0; for (i=0; p->name[i] != 0; i++) { switch (p->name[i]) { case '\'': case '\\': /* Other "bad" chars here */ badcount++; } } /* Copy filename over with dangerous chars escaped */ if (badcount == 0) filename = strdup(p->name); else { filename = malloc(strlen(p->name) + badcount + 1); for (i=0, j=0; p->name[i] != 0; i++, j++) { if (p->name[i] is "bad") filename[j++] = '\\'; filename[j] = p->name[i]; } filename[j] = 0; } /* As above, contribute this filename to the growing command add_count = snprintf(....., filename); /* Release temporary string */ free(filename);Received on Wed Dec 17 2003 - 09:47:27 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:34 UTC