>From 452456fa556af40ac6de1cc8c91dd4bafca15d1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= Date: Thu, 28 Jul 2011 15:25:00 +0200 Subject: [PATCH 2/4] Add virBufferEscapeShell Escape strings so they're safe to pass to the shell. It's based on virsh's cmdEcho. --- src/libvirt_private.syms | 1 + src/util/buf.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++ src/util/buf.h | 1 + 3 files changed, 56 insertions(+), 0 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4f96518..0c26ba7 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -28,6 +28,7 @@ virBufferError; virBufferEscape; virBufferEscapeSexpr; virBufferEscapeString; +virBufferEscapeShell; virBufferFreeAndReset; virBufferStrcat; virBufferURIEncodeString; diff --git a/src/util/buf.c b/src/util/buf.c index fa12855..34347b5 100644 --- a/src/util/buf.c +++ b/src/util/buf.c @@ -486,6 +486,60 @@ virBufferURIEncodeString (virBufferPtr buf, const char *str) } /** + * virBufferEscapeShell: + * @buf: the buffer to append to + * @str: an unquoted string + * + * Quotes a string so that the shell (/bin/sh) will interpret the + * quoted string to mean str. + */ +void +virBufferEscapeShell(virBufferPtr buf, const char *str) +{ + int len; + char *escaped, *out; + const char *cur; + + if ((buf == NULL) || (str == NULL)) + return; + + if (buf->error) + return; + + /* Only quote if str includes shell metacharacters. */ + if (!strpbrk(str, "\r\t\n !\"#$&'()*;<>?[\\]^`{|}~")) { + virBufferAdd(buf, str, -1); + return; + } + + len = strlen(str); + if (xalloc_oversized(4, len) || + VIR_ALLOC_N(escaped, 4 * len + 3) < 0) { + virBufferSetError(buf); + return; + } + + cur = str; + out = escaped; + + *out++ = '\''; + while (*cur != 0) { + *out++ = *cur++; + if (*cur == '\'') { + /* Replace literal ' with a close ', a \', and a open ' */ + *out++ = '\\'; + *out++ = '\''; + *out++ = '\''; + } + } + *out++ = '\''; + *out = 0; + + virBufferAdd(buf, escaped, -1); + VIR_FREE(escaped); +} + +/** * virBufferStrcat: * @buf: the buffer to dump * @...: the variable list of strings, the last argument must be NULL diff --git a/src/util/buf.h b/src/util/buf.h index e545ed9..1d0e790 100644 --- a/src/util/buf.h +++ b/src/util/buf.h @@ -52,6 +52,7 @@ void virBufferEscapeString(const virBufferPtr buf, const char *format, const cha void virBufferEscapeSexpr(const virBufferPtr buf, const char *format, const char *str); void virBufferEscape(const virBufferPtr buf, const char *toescape, const char *format, const char *str); void virBufferURIEncodeString (const virBufferPtr buf, const char *str); +void virBufferEscapeShell(virBufferPtr buf, const char *str); # define virBufferAddLit(buf_, literal_string_) \ virBufferAdd (buf_, "" literal_string_ "", sizeof literal_string_ - 1) -- 1.7.6.3