Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Improved quoting for filenames on constructed command-lines. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
b3fab9b5ddfedf9332c177a1959c44bb |
| User & Date: | drh 2021-06-22 18:57:00.154 |
Context
|
2021-06-22
| ||
| 19:19 | Further improvements to argument escaping on Unix. check-in: 597f0bc224 user: drh tags: trunk | |
| 18:57 | Improved quoting for filenames on constructed command-lines. check-in: b3fab9b5dd user: drh tags: trunk | |
| 18:19 | Reworked the MinGW outdated instructions in www/build.wiki. It was still warning about a MinGW bug from 2014, and it didn't cover the cross-compilation details at all. That in turn gives us a basis for explaining why cross-compilation may matter even to those who don't realize they're doing so, as in the Cygwin and WSL cases, which then explains why we recommend against using MinGW Make and the USE_WINDOWS=1 mode. check-in: 2c66a5395a user: wyoung tags: trunk | |
Changes
Changes to src/blob.c.
| ︙ | ︙ | |||
1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 |
}
}else{
z[--j] = z[i];
}
}
}
/*
** pBlob is a shell command under construction. This routine safely
** appends argument zIn.
**
** The argument is escaped if it contains white space or other characters
** that need to be escaped for the shell. If zIn contains characters
** that cannot be safely escaped, then throw a fatal error.
**
** The argument is expected to a filename of some kinds. As shell commands
** commonly have command-line options that begin with "-" and since we
** do not want an attacker to be able to invoke these switches using
** filenames that begin with "-", if zIn begins with "-", prepend
** an additional "./".
*/
void blob_append_escaped_arg(Blob *pBlob, const char *zIn){
int i;
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | > | < < < | < > > | | < > | | | | | | < | | > | > > > > > > > > > > | | | | < | | < | < < | | | > | > | > | < > | < < < < < | < | 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 |
}
}else{
z[--j] = z[i];
}
}
}
/*
** ASCII (for reference):
** x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf
** 0x ^` ^a ^b ^c ^d ^e ^f ^g \b \t \n () \f \r ^n ^o
** 1x ^p ^q ^r ^s ^t ^u ^v ^w ^x ^y ^z ^{ ^| ^} ^~ ^
** 2x () ! " # $ % & ' ( ) * + , - . /
** 3x 0 1 2 3 4 5 6 7 8 9 : ; < = > ?
** 4x @ A B C D E F G H I J K L M N O
** 5x P Q R S T U V W X Y Z [ \ ] ^ _
** 6x ` a b c d e f g h i j k l m n o
** 7x p q r s t u v w x y z { | } ~ ^_
*/
/*
** Characters that need to be escaped are marked with 1.
** Illegal characters are marked with 2.
*/
static const char aSafeChar[256] = {
#ifdef _WIN32
/* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */
1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, /* 2x */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, /* 5x */
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */
#else
/* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf */
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 0x */
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, /* 1x */
1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, /* 2x */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, /* 3x */
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 4x */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, /* 5x */
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 6x */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, /* 7x */
#endif
/* All the rest are zeros */
};
/*
** pBlob is a shell command under construction. This routine safely
** appends argument zIn.
**
** The argument is escaped if it contains white space or other characters
** that need to be escaped for the shell. If zIn contains characters
** that cannot be safely escaped, then throw a fatal error.
**
** The argument is expected to a filename of some kinds. As shell commands
** commonly have command-line options that begin with "-" and since we
** do not want an attacker to be able to invoke these switches using
** filenames that begin with "-", if zIn begins with "-", prepend
** an additional "./".
*/
void blob_append_escaped_arg(Blob *pBlob, const char *zIn){
int i;
unsigned char c;
int needEscape = 0;
int hasIllegal = 0;
int n = blob_size(pBlob);
char *z = blob_buffer(pBlob);
#if defined(_WIN32)
const char *zNeedQuote = "\"^[];*? ";
#else
const char *zNeedQuote = "\"'\\*?$&|` ";
#endif
/* Any control character is illegal. This prevents \n and \r in an
** argument. */
for(i=0; (c = (unsigned char)zIn[i])!=0; i++){
if( aSafeChar[c] ){
if( aSafeChar[c]==2 ){
Blob bad;
blob_token(pBlob, &bad);
fossil_fatal("the [%s] argument to the \"%s\" command contains "
"a character (ascii 0x%02x) that is a security risk",
zIn, blob_str(&bad), c);
}else{
needEscape = 1;
}
break;
}
}
/* Separate from the previous argument by a space */
if( n>0 && !fossil_isspace(z[n-1]) ){
blob_append_char(pBlob, ' ');
}
/* Check for characters that need quoting */
needEscape = strpbrk(zIn, zNeedQuote)!=0;
if( !needEscape ){
blob_append(pBlob, zIn, -1);
}else{
#if defined(_WIN32)
blob_append_char(pBlob, '"');
if( zIn[0]=='-' ){
blob_append_char(pBlob, '.');
blob_append_char(pBlob, '\\');
}else if( zIn[0]=='/' ){
blob_append_char(pBlob, '.');
}
for(i=0; (c = (unsigned char)zIn[i])!=0; i++){
blob_append_char(pBlob, (char)c);
if( c=='"' ) blob_append_char(pBlob, '"');
}
blob_append_char(pBlob, '"');
#else
if( zIn[0]=='-' ){
blob_append_char(pBlob, '.');
blob_append_char(pBlob, '/');
}
for(i=0; (c = (unsigned char)zIn[i])!=0; i++){
if( aSafeChar[c] ) blob_append_char(pBlob, '\\');
blob_append_char(pBlob, (char)c);
}
#endif
}
}
/*
** COMMAND: test-escaped-arg
**
** Usage %fossil ARG ...
|
| ︙ | ︙ |
Changes to src/file.c.
| ︙ | ︙ | |||
1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 |
** the temporary file is derived from zBasis. The suffix on the temp
** file is the same as the suffix on zBasis, and the temp file has
** the root of zBasis in its name.
**
** If zTag is not NULL, then try to create the temp-file using zTag
** as a differentiator. If that fails, or if zTag is NULL, then use
** a bunch of random characters as the tag.
*/
void file_tempname(Blob *pBuf, const char *zBasis, const char *zTag){
#if defined(_WIN32)
const char *azDirs[] = {
0, /* GetTempPath */
0, /* TEMP */
0, /* TMP */
".",
};
| > > < > | 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 |
** the temporary file is derived from zBasis. The suffix on the temp
** file is the same as the suffix on zBasis, and the temp file has
** the root of zBasis in its name.
**
** If zTag is not NULL, then try to create the temp-file using zTag
** as a differentiator. If that fails, or if zTag is NULL, then use
** a bunch of random characters as the tag.
**
** Dangerous characters in zBasis are changed.
*/
void file_tempname(Blob *pBuf, const char *zBasis, const char *zTag){
#if defined(_WIN32)
const char *azDirs[] = {
0, /* GetTempPath */
0, /* TEMP */
0, /* TMP */
".",
};
#else
static const char *azDirs[] = {
0, /* TMPDIR */
"/var/tmp",
"/usr/tmp",
"/tmp",
"/temp",
".",
};
#endif
static const unsigned char zChars[] =
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789";
unsigned int i;
const char *zDir = ".";
int cnt = 0;
char zRand[16];
int nBasis;
const char *zSuffix;
char *z;
#if defined(_WIN32)
wchar_t zTmpPath[MAX_PATH];
if( GetTempPathW(MAX_PATH, zTmpPath) ){
azDirs[0] = fossil_path_to_utf8(zTmpPath);
/* Removing trailing \ from the temp path */
|
| ︙ | ︙ | |||
1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 |
zRand[i] = (char)zChars[ ((unsigned char)zRand[i])%(sizeof(zChars)-1) ];
}
zRand[15] = 0;
zTag = zRand;
}
blob_appendf(pBuf, "%s/%.*s~%s%s", zDir, nBasis, zBasis, zTag, zSuffix);
zTag = 0;
}while( file_size(blob_str(pBuf), ExtFILE)>=0 );
#if defined(_WIN32)
fossil_path_free((char *)azDirs[0]);
fossil_path_free((char *)azDirs[1]);
fossil_path_free((char *)azDirs[2]);
/* Change all \ characters in the windows path into / so that they can
| > > > | 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 |
zRand[i] = (char)zChars[ ((unsigned char)zRand[i])%(sizeof(zChars)-1) ];
}
zRand[15] = 0;
zTag = zRand;
}
blob_appendf(pBuf, "%s/%.*s~%s%s", zDir, nBasis, zBasis, zTag, zSuffix);
zTag = 0;
for(z=blob_str(pBuf); z!=0 && (z=strpbrk(z,"'\"`;|$&"))!=0; z++){
z[0] = '_';
}
}while( file_size(blob_str(pBuf), ExtFILE)>=0 );
#if defined(_WIN32)
fossil_path_free((char *)azDirs[0]);
fossil_path_free((char *)azDirs[1]);
fossil_path_free((char *)azDirs[2]);
/* Change all \ characters in the windows path into / so that they can
|
| ︙ | ︙ |