apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 58123] New: apr_proc_create does not quote APR_SHELLCMD argument strings correctly on Unix
Date Sat, 11 Jul 2015 03:00:01 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=58123

            Bug ID: 58123
           Summary: apr_proc_create does not quote APR_SHELLCMD argument
                    strings correctly on Unix
           Product: APR
           Version: HEAD
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: APR
          Assignee: bugs@apr.apache.org
          Reporter: jared.breeden@gmail.com

On unix, when executing an APR_SHELLCMD[_ENV] cmd_type, `apr_proc_create` does
not quote the arguments given to the shell correctly.

EXAMPLE:

- `apr_proc_create` is called with ["ruby", "-e", "exit 1"]
- In the code shown below, this is converted to [SHELL_PATH, "-c", "ruby -e
exit 1"]
- Notice that "exit 1" is not quoted, and so will be evaluated as two
arguments.


>From unix/proc.c, with comments added & some lines omitted:

```
if (attr->cmdtype == APR_SHELLCMD ||
    attr->cmdtype == APR_SHELLCMD_ENV) {
    /* 
     * ...
     * Constucting `newargs` as [SHELL_PATH, '-c', onearg]
     * ...
     */
    default:
    {
        char *ch, *onearg;

        ch = onearg = apr_palloc(pool, onearg_len);
        i = 0;
        while (args[i]) {
            size_t len = strlen(args[i]);

            /*
             * Each argument is appended onto `onearg` without quotes.
             */
            memcpy(ch, args[i], len);
            ch += len;
            *ch = ' ';
            ++ch;
            ++i;
        }
        --ch; /* back up to trailing blank */
        *ch = '\0';
        newargs[2] = onearg;
    }
  }

  /*
   * ...
   * Later, when execv is called, the shell will split `onearg` on the spaces,
   * possible separating any args that simply had spaces in them.
   */

  execv(SHELL_PATH, (char * const *)newargs);
```

NOTE:

Not tested, but the code for Windows seems to handle this correctly...

>From win32/proc.c
```
cmdline = "";
for (i = 1; args && args[i]; ++i) {
    if (has_space(args[i]) || !args[i][0]) {
        cmdline = apr_pstrcat(pool, cmdline, " \"", args[i], "\"", NULL);
    }
    else {
        cmdline = apr_pstrcat(pool, cmdline, " ", args[i], NULL);
    }
}
```

WORKAROUND:

Passing the argument vector as a single string (ie: ["ruby -e \"exit 1\"])
seems to work fine.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message