From 74fc3df9e4ecd84b971904d3e14e5a710d941836 Mon Sep 17 00:00:00 2001 From: Justus Winter <4winter@informatik.uni-hamburg.de> Date: Thu, 4 Sep 2014 12:48:32 +0200 Subject: trans/hello{,-mt}: properly escape contents in trivfs_append_args Fixes https://savannah.gnu.org/bugs/?15806 . * trans/hello-mt.c (trivfs_append_args): Escape contents. * trans/hello.c (trivfs_append_args): Likewise. --- trans/hello-mt.c | 28 ++++++++++++++++++++++------ trans/hello.c | 21 +++++++++++++++++++-- 2 files changed, 41 insertions(+), 8 deletions(-) (limited to 'trans') diff --git a/trans/hello-mt.c b/trans/hello-mt.c index ba9329a7..44d54dea 100644 --- a/trans/hello-mt.c +++ b/trans/hello-mt.c @@ -273,16 +273,32 @@ trivfs_append_args (struct trivfs_control *fsys, { error_t err; char *opt; + size_t opt_len; + FILE *s; + char *c; + + s = open_memstream (&opt, &opt_len); + fprintf (s, "--contents='"); pthread_rwlock_rdlock (&contents_lock); - err = asprintf (&opt, "--contents=%s", contents) < 0 ? ENOMEM : 0; + for (c = contents; *c; c++) + switch (*c) + { + case 0x27: /* Single quote. */ + fprintf (s, "'\"'\"'"); + break; + + default: + fprintf (s, "%c", *c); + } pthread_rwlock_unlock (&contents_lock); - if (!err) - { - err = argz_add (argz, argz_len, opt); - free (opt); - } + fprintf (s, "'"); + fclose (s); + + err = argz_add (argz, argz_len, opt); + + free (opt); return err; } diff --git a/trans/hello.c b/trans/hello.c index 4e88c609..d1884df1 100644 --- a/trans/hello.c +++ b/trans/hello.c @@ -246,9 +246,26 @@ trivfs_append_args (struct trivfs_control *fsys, { error_t err; char *opt; + size_t opt_len; + FILE *s; + char *c; - if (asprintf (&opt, "--contents=%s", contents) < 0) - return ENOMEM; + s = open_memstream (&opt, &opt_len); + fprintf (s, "--contents='"); + + for (c = contents; *c; c++) + switch (*c) + { + case 0x27: /* Single quote. */ + fprintf (s, "'\"'\"'"); + break; + + default: + fprintf (s, "%c", *c); + } + + fprintf (s, "'"); + fclose (s); err = argz_add (argz, argz_len, opt); -- cgit v1.2.3