Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:23
erlang
1507-erts-Fix-batch-file-invocation-in-open_por...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 1507-erts-Fix-batch-file-invocation-in-open_port.patch of Package erlang
From 2b64e8b98c114123a5386e99d6eb28483a52834d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?John=20H=C3=B6gberg?= <john@erlang.org> Date: Tue, 2 Apr 2024 12:13:14 +0200 Subject: [PATCH] erts: Fix batch file invocation in open_port Co-authored-by: Dan Gudmundsson <dgud@erlang.org> --- erts/emulator/sys/win32/sys.c | 71 ++++++++++++++++++++++++++++------- 1 file changed, 58 insertions(+), 13 deletions(-) diff --git a/erts/emulator/sys/win32/sys.c b/erts/emulator/sys/win32/sys.c index 2a37c075f8..841487edc7 100644 --- a/erts/emulator/sys/win32/sys.c +++ b/erts/emulator/sys/win32/sys.c @@ -1442,6 +1442,42 @@ int parse_command(wchar_t* cmd){ } +static int requires_quote(wchar_t c, int applType) { + switch (c) { + case L' ': + return 1; + case L'&': + case L'<': + case L'>': + case L'[': + case L']': + case L'|': + case L'{': + case L'}': + case L'^': + case L'=': + case L';': + case L'!': + case L'\'': + case L'+': + case L',': + case L'`': + case L'~': + case L'\t': + case L'\r': + case L'\n': + /* According to [1], these characters need to be quoted when using + * `cmd /c`. Otherwise, using `&` (for example) can spawn other + * executables. + * + * [1]: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cmd + */ + return applType == APPL_DOS; + default: + return 0; + } +} + /* * Translating of command line arguments to correct format. In the examples * below the '' are not part of the actual string. @@ -1457,17 +1493,26 @@ int parse_command(wchar_t* cmd){ * one level of escaping since it takes a single long command line rather * than the argument chunks that unix uses. */ -static int escape_and_quote(wchar_t *str, wchar_t *new, BOOL *quoted) { +static int escape_and_quote(wchar_t *str, + int applType, + wchar_t *new, + BOOL *quoted) { int i, j = 0; - if (new == NULL) + + if (new == NULL) { *quoted = FALSE; - else if (*quoted) + } else if (*quoted) { new[j++] = L'"'; + } + for ( i = 0; str[i] != L'\0'; i++,j++) { - if (str[i] == L' ' && new == NULL && *quoted == FALSE) { - *quoted = TRUE; - j++; - } + if (new == NULL && + *quoted == FALSE && + requires_quote(str[i], applType)) { + *quoted = TRUE; + j++; + } + /* check if we have to escape quotes */ if (str[i] == L'"') { if (new) new[j] = L'\\'; @@ -1572,7 +1617,7 @@ create_child_process return FALSE; } - quotedLen = escape_and_quote(execPath, NULL, &need_quote); + quotedLen = escape_and_quote(execPath, applType, NULL, &need_quote); newcmdline = (wchar_t *) erts_alloc(ERTS_ALC_T_TMP, (11+quotedLen+wcslen(origcmd)-cmdlength)*sizeof(wchar_t)); @@ -1598,7 +1643,7 @@ create_child_process createFlags = 0; } - ptr += escape_and_quote(execPath, ptr, &need_quote); + ptr += escape_and_quote(execPath, applType, ptr, &need_quote); wcscpy(ptr, origcmd+cmdlength); DEBUGF(("Creating child process: %S, createFlags = %d\n", newcmdline, createFlags)); @@ -1654,7 +1699,7 @@ create_child_process if (argv == NULL) { BOOL orig_need_q; wchar_t *ptr; - int ocl = escape_and_quote(execPath, NULL, &orig_need_q); + int ocl = escape_and_quote(execPath, applType, NULL, &orig_need_q); if (run_cmd) { newcmdline = (wchar_t *) erts_alloc(ERTS_ALC_T_TMP, (ocl + 1 + 11)*sizeof(wchar_t)); @@ -1665,7 +1710,7 @@ create_child_process (ocl + 1)*sizeof(wchar_t)); ptr = (wchar_t *) newcmdline; } - ptr += escape_and_quote(execPath, ptr, &orig_need_q); + ptr += escape_and_quote(execPath, applType, ptr, &orig_need_q); ptr[0] = L'\0'; } else { int sum = 0; @@ -1686,7 +1731,7 @@ create_child_process ar = argv; while (*ar != NULL) { - sum += escape_and_quote(*ar,NULL,qte+(ar - argv)); + sum += escape_and_quote(*ar, applType, NULL,qte+(ar - argv)); sum++; /* space */ ++ar; } @@ -1698,7 +1743,7 @@ create_child_process n += 11; } while (*ar != NULL) { - n += escape_and_quote(*ar,n,qte+(ar - argv)); + n += escape_and_quote(*ar, applType, n,qte+(ar - argv)); *n++ = L' '; ++ar; } -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor