From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1791) id E9F063858C2B; Tue, 28 Mar 2023 13:58:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E9F063858C2B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1680011938; bh=qAPUPHVIAQl5da5h4hxIF5e6T5wzPBrNl4sAU71vYwI=; h=From:To:Subject:Date:From; b=LSvdKz9AybFBhpIwxLg968G4Y/6EWzZCEc02IquHsVs0CMxvqirfd5mJgO0RIwCwl 05NX/MReXzcrmta+lnZrqtg+mhIXc7rLjENv1kBOz6txsnqXGLNWBz8g9KLFqIvnDJ O3//zYvsTLDJkw/BEUkoYp5AUucj4s6AikT+YI5M= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Adhemerval Zanella To: glibc-cvs@sourceware.org Subject: [glibc] system: Add "--" after "-c" for sh (BZ #28519) X-Act-Checkin: glibc X-Git-Author: Joe Simmons-Talbott X-Git-Refname: refs/heads/master X-Git-Oldrev: 31bfe3ef4ea898df606cb6cc59ac72de27002b01 X-Git-Newrev: 868506eb427c9dcc6d869cd4885679be04e1b7dd Message-Id: <20230328135858.E9F063858C2B@sourceware.org> Date: Tue, 28 Mar 2023 13:58:58 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=868506eb427c9dcc6d869cd4885679be04e1b7dd commit 868506eb427c9dcc6d869cd4885679be04e1b7dd Author: Joe Simmons-Talbott Date: Wed Mar 22 14:04:30 2023 -0400 system: Add "--" after "-c" for sh (BZ #28519) Prevent sh from interpreting a user string as shell options if it starts with '-' or '+'. Since the version of /bin/sh used for testing system() is different from the full-fledged system /bin/sh add support to it for handling "--" after "-c". Add a testcase to ensure the expected behavior. Signed-off-by: Joe Simmons-Talbott Reviewed-by: Adhemerval Zanella Diff: --- libio/iopopen.c | 2 +- stdlib/tst-system.c | 14 ++++++++++++++ support/shell-container.c | 7 ++++++- sysdeps/posix/system.c | 1 + 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/libio/iopopen.c b/libio/iopopen.c index a64033e60f..4cc405f2de 100644 --- a/libio/iopopen.c +++ b/libio/iopopen.c @@ -87,7 +87,7 @@ spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command, } err = __posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, 0, - (char *const[]){ (char*) "sh", (char*) "-c", + (char *const[]){ (char*) "sh", (char*) "-c", (char*) "--", (char *) command, NULL }, __environ); if (err != 0) return err; diff --git a/stdlib/tst-system.c b/stdlib/tst-system.c index 47a0afe6bf..3a55ec2791 100644 --- a/stdlib/tst-system.c +++ b/stdlib/tst-system.c @@ -146,6 +146,20 @@ do_test (void) TEST_COMPARE_STRING (result.out.buffer, "...\n"); } + { + struct support_capture_subprocess result; + const char *cmd = "-echo"; + result = support_capture_subprocess (call_system, + &(struct args) { cmd, 127 }); + support_capture_subprocess_check (&result, "system", 0, sc_allow_stderr | + sc_allow_stdout); + char *returnerr = xasprintf ("%s: execing -echo failed: " + "No such file or directory", + basename(_PATH_BSHELL)); + TEST_COMPARE_STRING (result.err.buffer, returnerr); + free (returnerr); + } + { struct support_capture_subprocess result; result = support_capture_subprocess (call_system, diff --git a/support/shell-container.c b/support/shell-container.c index b1f9e793c1..28437e4206 100644 --- a/support/shell-container.c +++ b/support/shell-container.c @@ -455,7 +455,12 @@ main (int argc, const char **argv) dprintf (stderr, " argv[%d] is `%s'\n", i, argv[i]); if (strcmp (argv[1], "-c") == 0) - run_command_string (argv[2], argv+3); + { + if (strcmp (argv[2], "--") == 0) + run_command_string (argv[3], argv+4); + else + run_command_string (argv[2], argv+3); + } else run_script (argv[1], argv+2); diff --git a/sysdeps/posix/system.c b/sysdeps/posix/system.c index d77720a625..488b95163b 100644 --- a/sysdeps/posix/system.c +++ b/sysdeps/posix/system.c @@ -147,6 +147,7 @@ do_system (const char *line) ret = __posix_spawn (&pid, SHELL_PATH, 0, &spawn_attr, (char *const[]){ (char *) SHELL_NAME, (char *) "-c", + (char *) "--", (char *) line, NULL }, __environ); __posix_spawnattr_destroy (&spawn_attr);