From owner-freebsd-current@FreeBSD.ORG Wed Dec 17 10:47:27 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDF4C16A4CE for ; Wed, 17 Dec 2003 10:47:27 -0800 (PST) Received: from kientzle.com (h-66-166-149-50.SNVACAID.covad.net [66.166.149.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E47443D41 for ; Wed, 17 Dec 2003 10:47:23 -0800 (PST) (envelope-from kientzle@acm.org) Received: from acm.org ([66.166.149.54]) by kientzle.com (8.12.9/8.12.9) with ESMTP id hBHIlBkX057022; Wed, 17 Dec 2003 10:47:12 -0800 (PST) (envelope-from kientzle@acm.org) Message-ID: <3FE0A4AF.2050007@acm.org> Date: Wed, 17 Dec 2003 10:47:11 -0800 From: Tim Kientzle User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20031006 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Vladimir B. Grebenschikov" References: <1071594625.737.35.camel@localhost> <1071604132.774.7.camel@localhost> <1071649239.763.4.camel@localhost> In-Reply-To: <1071649239.763.4.camel@localhost> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit cc: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= cc: "current@freebsd.org" Subject: Re: [Fwd: bogus plist in docbook-xsl] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: kientzle@acm.org List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2003 18:47:28 -0000 Vladimir B. Grebenschikov wrote: > В ср, 17.12.2003, в 00:25, Dag-Erling Smørgrav пишет: >>"Vladimir B. Grebenschikov" writes: >> >>>Do you know why pkg_add threat character \' as invalid ? > > Looking source shows that pkg_add construct one striing for system(3) > and populate this string with filenames in ' > > add_count = snprintf(&perm_args[perm_count], maxargs - perm_count, > "'%s' ", p->name); > > #define PUSHOUT(todir) /* push out string */ \ > if (where_count > (int)sizeof(STARTSTRING)-1) { \ > strcat(where_args, "|tar --unlink -xpf - -C "); \ > strcat(where_args, todir); \ > if (system(where_args)) { \ Yet another reason I'm building a tar-handling library for my pkg_add rewrite; system(3) brings along too many headaches with shell escaping. This can be fixed in the current pkg_add, though it's not pretty. Here's a quick sketch of code that could replace the 'snprintf' above: char * filename; int i,j,badcount; /* Count "bad" chars that need escaping */ badcount = 0; for (i=0; p->name[i] != 0; i++) { switch (p->name[i]) { case '\'': case '\\': /* Other "bad" chars here */ badcount++; } } /* Copy filename over with dangerous chars escaped */ if (badcount == 0) filename = strdup(p->name); else { filename = malloc(strlen(p->name) + badcount + 1); for (i=0, j=0; p->name[i] != 0; i++, j++) { if (p->name[i] is "bad") filename[j++] = '\\'; filename[j] = p->name[i]; } filename[j] = 0; } /* As above, contribute this filename to the growing command add_count = snprintf(....., filename); /* Release temporary string */ free(filename);