Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 17 Dec 2003 10:47:11 -0800
From:      Tim Kientzle <kientzle@acm.org>
To:        "Vladimir B. Grebenschikov" <vova@fbsd.ru>
Cc:        "current@freebsd.org" <current@freebsd.org>
Subject:   Re: [Fwd: bogus plist in docbook-xsl]
Message-ID:  <3FE0A4AF.2050007@acm.org>
In-Reply-To: <1071649239.763.4.camel@localhost>
References:  <1071594625.737.35.camel@localhost> <xzp8ylc3cr9.fsf@dwp.des.no> <1071604132.774.7.camel@localhost>  <xzp3cbk1mle.fsf@dwp.des.no> <1071649239.763.4.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
Vladimir B. Grebenschikov wrote:
> В ср, 17.12.2003, в 00:25, Dag-Erling Smørgrav пишет:
>>"Vladimir B. Grebenschikov" <vova@fbsd.ru> writes:
>>
>>>Do you know why pkg_add threat character \' as invalid ?
> 
> Looking source shows that pkg_add construct one striing for system(3)
> and populate this string with filenames in '
> 
> 		    add_count = snprintf(&perm_args[perm_count], maxargs - perm_count,
> "'%s' ", p->name);
> 
> #define PUSHOUT(todir) /* push out string */ \
>         if (where_count > (int)sizeof(STARTSTRING)-1) { \
> 		    strcat(where_args, "|tar --unlink -xpf - -C "); \
> 		    strcat(where_args, todir); \
> 		    if (system(where_args)) { \

Yet another reason I'm building a tar-handling library for
my pkg_add rewrite; system(3) brings along too many headaches
with shell escaping.

This can be fixed in the current pkg_add, though it's not pretty.
Here's a quick sketch of code that could replace the 'snprintf'
above:

    char * filename;
    int i,j,badcount;

    /* Count "bad" chars that need escaping */
    badcount = 0;
    for (i=0; p->name[i] != 0; i++) {
      switch (p->name[i]) {
      case '\'':  case '\\': /* Other "bad" chars here */
        badcount++;
      }
    }

    /* Copy filename over with dangerous chars escaped */
    if (badcount == 0)
       filename = strdup(p->name);
    else {
       filename = malloc(strlen(p->name) + badcount + 1);
       for (i=0, j=0; p->name[i] != 0; i++, j++) {
          if (p->name[i] is "bad")
             filename[j++] = '\\';
          filename[j] = p->name[i];
       }
       filename[j] = 0;
    }

    /* As above, contribute this filename to the growing command
    add_count = snprintf(....., filename);

    /* Release temporary string */
    free(filename);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FE0A4AF.2050007>