diff options
author | Justus Winter <4winter@informatik.uni-hamburg.de> | 2014-09-04 12:48:32 +0200 |
---|---|---|
committer | Justus Winter <4winter@informatik.uni-hamburg.de> | 2014-09-05 01:26:48 +0200 |
commit | 74fc3df9e4ecd84b971904d3e14e5a710d941836 (patch) | |
tree | d056595a84decb573c50740e4fd1967488fec0c2 | |
parent | 8fd228ccd454578fb0367d97d95b90f9073a8d7c (diff) |
trans/hello{,-mt}: properly escape contents in trivfs_append_args
Fixes https://savannah.gnu.org/bugs/?15806 .
* trans/hello-mt.c (trivfs_append_args): Escape contents.
* trans/hello.c (trivfs_append_args): Likewise.
-rw-r--r-- | trans/hello-mt.c | 28 | ||||
-rw-r--r-- | trans/hello.c | 21 |
2 files changed, 41 insertions, 8 deletions
diff --git a/trans/hello-mt.c b/trans/hello-mt.c index ba9329a7..44d54dea 100644 --- a/trans/hello-mt.c +++ b/trans/hello-mt.c @@ -273,16 +273,32 @@ trivfs_append_args (struct trivfs_control *fsys, { error_t err; char *opt; + size_t opt_len; + FILE *s; + char *c; + + s = open_memstream (&opt, &opt_len); + fprintf (s, "--contents='"); pthread_rwlock_rdlock (&contents_lock); - err = asprintf (&opt, "--contents=%s", contents) < 0 ? ENOMEM : 0; + for (c = contents; *c; c++) + switch (*c) + { + case 0x27: /* Single quote. */ + fprintf (s, "'\"'\"'"); + break; + + default: + fprintf (s, "%c", *c); + } pthread_rwlock_unlock (&contents_lock); - if (!err) - { - err = argz_add (argz, argz_len, opt); - free (opt); - } + fprintf (s, "'"); + fclose (s); + + err = argz_add (argz, argz_len, opt); + + free (opt); return err; } diff --git a/trans/hello.c b/trans/hello.c index 4e88c609..d1884df1 100644 --- a/trans/hello.c +++ b/trans/hello.c @@ -246,9 +246,26 @@ trivfs_append_args (struct trivfs_control *fsys, { error_t err; char *opt; + size_t opt_len; + FILE *s; + char *c; - if (asprintf (&opt, "--contents=%s", contents) < 0) - return ENOMEM; + s = open_memstream (&opt, &opt_len); + fprintf (s, "--contents='"); + + for (c = contents; *c; c++) + switch (*c) + { + case 0x27: /* Single quote. */ + fprintf (s, "'\"'\"'"); + break; + + default: + fprintf (s, "%c", *c); + } + + fprintf (s, "'"); + fclose (s); err = argz_add (argz, argz_len, opt); |