[Fwd: bogus plist in docbook-xsl]
Tim Kientzle
kientzle at acm.org
Wed Dec 17 10:47:28 PST 2003
Vladimir B. Grebenschikov wrote:
> В ср, 17.12.2003, в 00:25, Dag-Erling Smørgrav пишет:
>>"Vladimir B. Grebenschikov" <vova at fbsd.ru> writes:
>>
>>>Do you know why pkg_add threat character \' as invalid ?
>
> Looking source shows that pkg_add construct one striing for system(3)
> and populate this string with filenames in '
>
> add_count = snprintf(&perm_args[perm_count], maxargs - perm_count,
> "'%s' ", p->name);
>
> #define PUSHOUT(todir) /* push out string */ \
> if (where_count > (int)sizeof(STARTSTRING)-1) { \
> strcat(where_args, "|tar --unlink -xpf - -C "); \
> strcat(where_args, todir); \
> if (system(where_args)) { \
Yet another reason I'm building a tar-handling library for
my pkg_add rewrite; system(3) brings along too many headaches
with shell escaping.
This can be fixed in the current pkg_add, though it's not pretty.
Here's a quick sketch of code that could replace the 'snprintf'
above:
char * filename;
int i,j,badcount;
/* Count "bad" chars that need escaping */
badcount = 0;
for (i=0; p->name[i] != 0; i++) {
switch (p->name[i]) {
case '\'': case '\\': /* Other "bad" chars here */
badcount++;
}
}
/* Copy filename over with dangerous chars escaped */
if (badcount == 0)
filename = strdup(p->name);
else {
filename = malloc(strlen(p->name) + badcount + 1);
for (i=0, j=0; p->name[i] != 0; i++, j++) {
if (p->name[i] is "bad")
filename[j++] = '\\';
filename[j] = p->name[i];
}
filename[j] = 0;
}
/* As above, contribute this filename to the growing command
add_count = snprintf(....., filename);
/* Release temporary string */
free(filename);
More information about the freebsd-current
mailing list