Re: [Fwd: bogus plist in docbook-xsl]

From: Tim Kientzle <kientzle_at_acm.org>
Date: Wed, 17 Dec 2003 10:47:11 -0800
Vladimir B. Grebenschikov wrote:
> В ср, 17.12.2003, в 00:25, Dag-Erling Smørgrav пишет:
>>"Vladimir B. Grebenschikov" <vova_at_fbsd.ru> writes:
>>
>>>Do you know why pkg_add threat character \' as invalid ?
> 
> Looking source shows that pkg_add construct one striing for system(3)
> and populate this string with filenames in '
> 
> 		    add_count = snprintf(&perm_args[perm_count], maxargs - perm_count,
> "'%s' ", p->name);
> 
> #define PUSHOUT(todir) /* push out string */ \
>         if (where_count > (int)sizeof(STARTSTRING)-1) { \
> 		    strcat(where_args, "|tar --unlink -xpf - -C "); \
> 		    strcat(where_args, todir); \
> 		    if (system(where_args)) { \

Yet another reason I'm building a tar-handling library for
my pkg_add rewrite; system(3) brings along too many headaches
with shell escaping.

This can be fixed in the current pkg_add, though it's not pretty.
Here's a quick sketch of code that could replace the 'snprintf'
above:

    char * filename;
    int i,j,badcount;

    /* Count "bad" chars that need escaping */
    badcount = 0;
    for (i=0; p->name[i] != 0; i++) {
      switch (p->name[i]) {
      case '\'':  case '\\': /* Other "bad" chars here */
        badcount++;
      }
    }

    /* Copy filename over with dangerous chars escaped */
    if (badcount == 0)
       filename = strdup(p->name);
    else {
       filename = malloc(strlen(p->name) + badcount + 1);
       for (i=0, j=0; p->name[i] != 0; i++, j++) {
          if (p->name[i] is "bad")
             filename[j++] = '\\';
          filename[j] = p->name[i];
       }
       filename[j] = 0;
    }

    /* As above, contribute this filename to the growing command
    add_count = snprintf(....., filename);

    /* Release temporary string */
    free(filename);
Received on Wed Dec 17 2003 - 09:47:27 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:34 UTC