From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=sqIF=7O=redhat.com=josimmon@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by sourceware.org (Postfix) with ESMTPS id F0C103858433
	for <libc-alpha@sourceware.org>; Wed, 22 Mar 2023 18:04:44 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F0C103858433
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1679508284;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XldrGKqAdXwRuZeEt0i2uAOeR5QrEFGDfnd7FlpwfkY=;
	b=dx4ECMX11ReU5YWMkRr50OjE49/fqJTrPmBavbF4jn6usNXqbRotYFQlulhNQNEiB6cWbR
	p5uyQzGSeMDbXKFgjpPIpjwh9qpVlmViXlrcK9AW585gf9QjT2coyJVjPrEpTqV542XlOl
	ZM2RjdXomGEsfo1DFXgLus0mqRrmw/A=
Received: from mail-qt1-f197.google.com (mail-qt1-f197.google.com
 [209.85.160.197]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-298-5rCdPD07MECj1sGoNTwklA-1; Wed, 22 Mar 2023 14:04:43 -0400
X-MC-Unique: 5rCdPD07MECj1sGoNTwklA-1
Received: by mail-qt1-f197.google.com with SMTP id r4-20020ac867c4000000b003bfefb6dd58so11420331qtp.2
        for <libc-alpha@sourceware.org>; Wed, 22 Mar 2023 11:04:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1679508282;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=XldrGKqAdXwRuZeEt0i2uAOeR5QrEFGDfnd7FlpwfkY=;
        b=uoo4HRtumoVcvuuPiA4riY/qRiO61UApAUnna8h0jcmni1pLAc2U/ECCGZp1+FbSgL
         9OWoswaatY0SDSE+33qUir2GyuwysUGy/jkmZWJocupzK4UNY8OUonBAxl9tv1sYasNd
         KqXcCQdyXogo3BttvREiomjbKBGTRYClmyiXeYSDnlaocL97XUpl/bSDBPJI5C7Pyjz7
         5l8a5BMpOzBMqD3azO+5rT6UnN5CRdnbYiHQ2Nw7M0gUNYk0kCUIEkwgusalOAFTuYVz
         98wFrnwkOyPFu6oG0g4TC4z3nsOj77eGX2w+7mLN++3EHhmTKvTVXlea7J2+9XkWYsEW
         Y6HQ==
X-Gm-Message-State: AO0yUKUg7Zm9QiC9IxEOfoZbS4YpETHm1V9OI4F+Ey3asQTRP9FSWxD8
	S5QM/eQdwBuAi36f76OZf5HWwodRM6UF2Cpur9PvENnqob5r6h+hB22ccFQ7Q+cWgTO2Tw1x8be
	qgSb3G7aN2E1d8pDEo9kbP8PyMg3ttR1QpB0tAFam5a6qgqNmGia9+XgyX+4OPlVxkeLdN9tmO0
	zBn9Pe
X-Received: by 2002:a05:6214:2262:b0:56e:a2cb:5732 with SMTP id gs2-20020a056214226200b0056ea2cb5732mr8377512qvb.9.1679508282643;
        Wed, 22 Mar 2023 11:04:42 -0700 (PDT)
X-Google-Smtp-Source: AK7set+Lu6661/lbgf0gUr0QDFQ7FvylOlP9+PdRnFuLpAF0qbgI4pvm9V6H0OsYTHm9/imylkG+kA==
X-Received: by 2002:a05:6214:2262:b0:56e:a2cb:5732 with SMTP id gs2-20020a056214226200b0056ea2cb5732mr8377470qvb.9.1679508282193;
        Wed, 22 Mar 2023 11:04:42 -0700 (PDT)
Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238])
        by smtp.gmail.com with ESMTPSA id o10-20020a05620a228a00b007441b675e81sm11722891qkh.22.2023.03.22.11.04.41
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 22 Mar 2023 11:04:41 -0700 (PDT)
From: Joe Simmons-Talbott <josimmon@redhat.com>
To: libc-alpha@sourceware.org
Cc: Joe Simmons-Talbott <josimmon@redhat.com>
Subject: [PATCH] system: Add "--" after "-c" for sh (BZ #28519)
Date: Wed, 22 Mar 2023 14:04:30 -0400
Message-Id: <20230322180430.986512-1-josimmon@redhat.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-Spam-Status: No, score=-11.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

Prevent sh from interpreting a user string as shell options if it
starts with '-' or '+'.  Since the version of /bin/sh used for testing
system() is different from the full-fledged system /bin/sh add support
to it for handling "--" after "-c".  Add a testcase to ensure the
expected behavior.

Signed-off-by: Joe Simmons-Talbott <josimmon@redhat.com>
---
 libio/iopopen.c           |  2 +-
 stdlib/tst-system.c       | 14 ++++++++++++++
 support/shell-container.c |  7 ++++++-
 sysdeps/posix/system.c    |  1 +
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/libio/iopopen.c b/libio/iopopen.c
index d0545ad5ea..eef6d1ef18 100644
--- a/libio/iopopen.c
+++ b/libio/iopopen.c
@@ -89,7 +89,7 @@ spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command,
     }
 
   err = __posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, 0,
-		       (char *const[]){ (char*) "sh", (char*) "-c",
+		       (char *const[]){ (char*) "sh", (char*) "-c", (char*) "--",
 		       (char *) command, NULL }, __environ);
   if (err != 0)
     return err;
diff --git a/stdlib/tst-system.c b/stdlib/tst-system.c
index 47a0afe6bf..3a55ec2791 100644
--- a/stdlib/tst-system.c
+++ b/stdlib/tst-system.c
@@ -146,6 +146,20 @@ do_test (void)
     TEST_COMPARE_STRING (result.out.buffer, "...\n");
   }
 
+  {
+    struct support_capture_subprocess result;
+    const char *cmd = "-echo";
+    result = support_capture_subprocess (call_system,
+					 &(struct args) { cmd, 127 });
+    support_capture_subprocess_check (&result, "system", 0, sc_allow_stderr |
+			sc_allow_stdout);
+    char *returnerr = xasprintf ("%s: execing -echo failed: "
+				 "No such file or directory",
+				 basename(_PATH_BSHELL));
+    TEST_COMPARE_STRING (result.err.buffer, returnerr);
+    free (returnerr);
+  }
+
   {
     struct support_capture_subprocess result;
     result = support_capture_subprocess (call_system,
diff --git a/support/shell-container.c b/support/shell-container.c
index b1f9e793c1..28437e4206 100644
--- a/support/shell-container.c
+++ b/support/shell-container.c
@@ -455,7 +455,12 @@ main (int argc, const char **argv)
     dprintf (stderr, "  argv[%d] is `%s'\n", i, argv[i]);
 
   if (strcmp (argv[1], "-c") == 0)
-    run_command_string (argv[2], argv+3);
+    {
+      if (strcmp (argv[2], "--") == 0)
+		run_command_string (argv[3], argv+4);
+      else
+		run_command_string (argv[2], argv+3);
+    }
   else
     run_script (argv[1], argv+2);
 
diff --git a/sysdeps/posix/system.c b/sysdeps/posix/system.c
index d77720a625..488b95163b 100644
--- a/sysdeps/posix/system.c
+++ b/sysdeps/posix/system.c
@@ -147,6 +147,7 @@ do_system (const char *line)
   ret = __posix_spawn (&pid, SHELL_PATH, 0, &spawn_attr,
 		       (char *const[]){ (char *) SHELL_NAME,
 					(char *) "-c",
+					(char *) "--",
 					(char *) line, NULL },
 		       __environ);
   __posix_spawnattr_destroy (&spawn_attr);
-- 
2.39.2