Steven, Bruno,

Attached please find a patch and demo program for a new function
mr_stresc() to properly escape strings for use as arguments with (the
likes of) system() and popen().

I have thought about using functions like exec() or fork() to avoid
system() and popen(). I don't really see how the two latter would be
generally evil. To the contrary, e.g. using a function that submits
things to 'sh -c' means we have a sane environment like a PATH and so
forth. Also, look at the sheer number of occurrences of system() and
popen()! (Mind you, I am not saying that nothing should be converted to
use exec() or fork(), only that I believe there will and should always
be some calls to system() and open().)

I therefore suggest use of the attached function when calling system()
or popen() where required. I believe this is low-risk, low-overhead,
little work, a clean approach and can be done bit by bit.

What do you say?

Apart from this, the function itself may be buggy or not do what it
should. I've tested it and it works for me, but it would be very good if
you, Steven, could apply attached patch and run mondoarchive again to
test. Also, general feedback on the actual code would be highly welcome.

Best regards,
Andree
-- 
Andree Leidenfrost
@ Debian Developer
Sydney - Australia

Attachment: mondo_bts#379966.diff
Description: Binary data

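#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Return a newly allocated copy of inptr in which every character that
 * occurs in toesc is preceded by escchr. The caller must free() the result.
 * Returns NULL if memory allocation fails.
 */
char *mr_stresc(const char *inptr, const char *toesc, const char escchr) {

  char *retstr = NULL;
  char *retptr = NULL;
  const char *p = NULL;
  size_t cnt = 0;

  /* Count the characters that need escaping. strspn() would only measure
     the leading run of such characters, leaving the buffer too small. */
  for (p = inptr; *p != '\0'; p++) {
    if (strchr(toesc, *p) != NULL) {
      cnt++;
    }
  }

  retstr = (char *)malloc(strlen(inptr) + cnt + 1);
  if (retstr == NULL) {
    return NULL;
  }
  retptr = retstr;

  while (*inptr != '\0') {
    /* Prefix the character with escchr if it is in the escape list. */
    if (strchr(toesc, *inptr) != NULL) {
      *retptr++ = escchr;
    }
    *retptr++ = *inptr++;
  }
  *retptr = '\0';

  return retstr;

}

int main() {

  const char escchr = '\\';
  /* Sized by the compiler so the list keeps its terminating '\0'. */
  const char escape_list[] = "`$\\";
  char string[] = "These need escaping: `$\\, these don't: abc.";
  char *escaped = mr_stresc(string, escape_list, escchr);

  if (escaped == NULL) {
    return 1;
  }
  printf("Before: %s\n", string);
  printf("After:  %s\n", escaped);
  free(escaped);

  return 0;

}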
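
A round-trip check for an escaping function like the one in this message, as an added example (not part of Andree's message or the attached patch): it escapes a string, places it inside double quotes in a command for popen(), and compares what sh hands back with the original. The names esc() and roundtrip_ok(), the double-quote placement, the four-character set and the sample strings are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L  /* for popen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Backslash-escape every byte of in that occurs in toesc; caller frees. */
static char *esc(const char *in, const char *toesc) {
  size_t n = 0;
  for (const char *p = in; *p; p++) n += strchr(toesc, *p) ? 2 : 1;
  char *out = malloc(n + 1), *q = out;
  if (!out) return NULL;
  for (; *in; in++) {
    if (strchr(toesc, *in)) *q++ = '\\';
    *q++ = *in;
  }
  *q = '\0';
  return out;
}

/* Pass arg to sh inside double quotes after escaping with toesc.
 * Returns 1 if sh hands it back byte for byte, 0 if not, -1 on error. */
int roundtrip_ok(const char *arg, const char *toesc) {
  char buf[256];
  char *e = esc(arg, toesc);
  if (!e) return -1;
  size_t len = strlen(e) + sizeof "printf '%s' \"\"";
  char *cmd = malloc(len);
  if (!cmd) { free(e); return -1; }
  snprintf(cmd, len, "printf '%%s' \"%s\"", e);
  free(e);
  FILE *fp = popen(cmd, "r");
  free(cmd);
  if (!fp) return -1;
  size_t got = fread(buf, 1, sizeof buf - 1, fp);
  buf[got] = '\0';
  pclose(fp);
  return strcmp(buf, arg) == 0;
}

int main(void) {
  /* Constructed sample inputs. */
  const char *samples[] = { "plain", "a `id` b", "$HOME \\ x", "say \"hi\"" };
  const char *demo_set = "`$\\";      /* list from the demo program */
  const char *dq_set = "\"$`\\";      /* assumption: all four dq specials */
  for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
    printf("%-12s demo:%d dq:%d\n", samples[i],
           roundtrip_ok(samples[i], demo_set), roundtrip_ok(samples[i], dq_set));
  return 0;
}
```

The set of characters to escape depends on the quoting context in which the command string embeds the argument, so the check should be run with the same quoting the real call site uses.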
