summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-08-31 20:28:09 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-09-09 13:49:29 -0400
commita6fde35332f5e7f78bff437d7b7bfded83debbaa (patch)
treea2433a8fbd4168a9bef60979da6c19a77f0459b4 /src
parenta012ab5293a28af93454b3105ca85ca148b1c11f (diff)
systemd-run: properly escape arguments
Spaces, quotes, and such, were not properly escaped. We should write them like we read them. https://bugs.freedesktop.org/show_bug.cgi?id=67971
Diffstat (limited to 'src')
-rw-r--r--src/core/dbus-service.c21
-rw-r--r--src/shared/strv.c37
-rw-r--r--src/shared/strv.h1
-rw-r--r--src/test/test-strv.c114
4 files changed, 125 insertions, 48 deletions
diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
index 85b13f01ef..696c4462fe 100644
--- a/src/core/dbus-service.c
+++ b/src/core/dbus-service.c
@@ -273,21 +273,16 @@ static int bus_service_set_transient_property(
fputs("ExecStart=\n", f);
LIST_FOREACH(command, c, s->exec_command[SERVICE_EXEC_START]) {
- char **a;
- fputs("ExecStart=", f);
+ _cleanup_free_ char *a;
- if (c->ignore)
- fputc('-', f);
-
- fputc('@', f);
- fputs(c->path, f);
-
- STRV_FOREACH(a, c->argv) {
- fputc(' ', f);
- fputs(*a, f);
- }
+ a = strv_join_quoted(c->argv);
+ if (!a)
+ return -ENOMEM;
- fputc('\n', f);
+ fprintf(f, "ExecStart=%s@%s %s\n",
+ c->ignore ? "-" : "",
+ c->path,
+ a);
}
fflush(f);
diff --git a/src/shared/strv.c b/src/shared/strv.c
index 3e7778d61c..2df478f30b 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -356,6 +356,43 @@ char *strv_join(char **l, const char *separator) {
return r;
}
+char *strv_join_quoted(char **l) {
+ char *buf = NULL;
+ char **s;
+ size_t allocated = 0, len = 0;
+
+ STRV_FOREACH(s, l) {
+ /* assuming here that escaped string cannot be more
+ * than twice as long, and reserving space for the
+ * separator and quotes.
+ */
+ _cleanup_free_ char *esc = NULL;
+ size_t needed;
+
+ if (!GREEDY_REALLOC(buf, allocated,
+ len + strlen(*s) * 2 + 3))
+ goto oom;
+
+ esc = cescape(*s);
+ if (!esc)
+ goto oom;
+
+ needed = snprintf(buf + len, allocated - len, "%s\"%s\"",
+ len > 0 ? " " : "", esc);
+ assert(needed < allocated - len);
+ len += needed;
+ }
+
+ if (!buf)
+ buf = malloc0(1);
+
+ return buf;
+
+ oom:
+ free(buf);
+ return NULL;
+}
+
char **strv_append(char **l, const char *s) {
char **r, **k;
diff --git a/src/shared/strv.h b/src/shared/strv.h
index 4ade827a42..4e80ea6d89 100644
--- a/src/shared/strv.h
+++ b/src/shared/strv.h
@@ -68,6 +68,7 @@ char **strv_split_quoted(const char *s);
char **strv_split_newlines(const char *s);
char *strv_join(char **l, const char *separator);
+char *strv_join_quoted(char **l);
char **strv_parse_nulstr(const char *s, size_t l);
char **strv_split_nulstr(const char *s);
diff --git a/src/test/test-strv.c b/src/test/test-strv.c
index 074e1bb3d4..25bee22dfe 100644
--- a/src/test/test-strv.c
+++ b/src/test/test-strv.c
@@ -42,50 +42,68 @@ static void test_specifier_printf(void) {
assert_se(streq(w, "xxx a=AAAA b=BBBB yyy"));
}
-static void test_strv_find(void) {
- const char * const input_table[] = {
- "one",
- "two",
- "three",
- NULL
- };
+static const char* const input_table_multiple[] = {
+ "one",
+ "two",
+ "three",
+ NULL,
+};
+
+static const char* const input_table_one[] = {
+ "one",
+ NULL,
+};
+
+static const char* const input_table_none[] = {
+ NULL,
+};
+
+static const char* const input_table_quotes[] = {
+ "\"",
+ "'",
+ "\"\"",
+ "\\",
+ "\\\\",
+ NULL,
+};
+#define QUOTES_STRING \
+ "\"\\\"\" " \
+ "\"\\\'\" " \
+ "\"\\\"\\\"\" " \
+ "\"\\\\\" " \
+ "\"\\\\\\\\\""
+
+static const char * const input_table_spaces[] = {
+ " ",
+ "' '",
+ "\" ",
+ " \"",
+ " \\\\ ",
+ NULL,
+};
+#define SPACES_STRING \
+ "\" \" " \
+ "\"\\' \\'\" " \
+ "\"\\\" \" " \
+ "\" \\\"\" " \
+ "\" \\\\\\\\ \""
- assert_se(strv_find((char **)input_table, "three"));
- assert_se(!strv_find((char **)input_table, "four"));
+static void test_strv_find(void) {
+ assert_se(strv_find((char **)input_table_multiple, "three"));
+ assert_se(!strv_find((char **)input_table_multiple, "four"));
}
static void test_strv_find_prefix(void) {
- const char * const input_table[] = {
- "one",
- "two",
- "three",
- NULL
- };
-
- assert_se(strv_find_prefix((char **)input_table, "o"));
- assert_se(strv_find_prefix((char **)input_table, "one"));
- assert_se(strv_find_prefix((char **)input_table, ""));
- assert_se(!strv_find_prefix((char **)input_table, "xxx"));
- assert_se(!strv_find_prefix((char **)input_table, "onee"));
+ assert_se(strv_find_prefix((char **)input_table_multiple, "o"));
+ assert_se(strv_find_prefix((char **)input_table_multiple, "one"));
+ assert_se(strv_find_prefix((char **)input_table_multiple, ""));
+ assert_se(!strv_find_prefix((char **)input_table_multiple, "xxx"));
+ assert_se(!strv_find_prefix((char **)input_table_multiple, "onee"));
}
static void test_strv_join(void) {
_cleanup_free_ char *p = NULL, *q = NULL, *r = NULL, *s = NULL, *t = NULL;
- const char * const input_table_multiple[] = {
- "one",
- "two",
- "three",
- NULL
- };
- const char * const input_table_one[] = {
- "one",
- NULL
- };
- const char * const input_table_none[] = {
- NULL
- };
-
p = strv_join((char **)input_table_multiple, ", ");
assert_se(p);
assert_se(streq(p, "one, two, three"));
@@ -107,6 +125,25 @@ static void test_strv_join(void) {
assert_se(streq(t, ""));
}
+static void test_strv_quote_unquote(const char* const *split, const char *quoted) {
+ _cleanup_free_ char *p;
+ _cleanup_strv_free_ char **s;
+ char **t;
+
+ p = strv_join_quoted((char **)split);
+ printf("-%s- --- -%s-\n", p, quoted); /* fprintf deals with NULL, puts does not */
+ assert_se(p);
+ assert_se(streq(p, quoted));
+
+ s = strv_split_quoted(quoted);
+ assert_se(s);
+ STRV_FOREACH(t, s) {
+ assert_se(*t);
+ assert_se(streq(*t, *split));
+ split++;
+ }
+}
+
static void test_strv_split_nulstr(void) {
_cleanup_strv_free_ char **l = NULL;
const char nulstr[] = "str0\0str1\0str2\0str3\0";
@@ -253,6 +290,13 @@ int main(int argc, char *argv[]) {
test_strv_find();
test_strv_find_prefix();
test_strv_join();
+
+ test_strv_quote_unquote(input_table_multiple, "\"one\" \"two\" \"three\"");
+ test_strv_quote_unquote(input_table_one, "\"one\"");
+ test_strv_quote_unquote(input_table_none, "");
+ test_strv_quote_unquote(input_table_quotes, QUOTES_STRING);
+ test_strv_quote_unquote(input_table_spaces, SPACES_STRING);
+
test_strv_split_nulstr();
test_strv_parse_nulstr();
test_strv_overlap();