Quoting Andree Leidenfrost <[EMAIL PROTECTED]>:

> Steven, Bruno,
>
> Attached please find a patch and demo program for a new function
> mr_stresc() to properly escape strings for use as arguments with (the
> likes of) system() and popen().
>
> I have thought about using functions like exec() or fork() to avoid
> system() and popen(). I don't really see how the two latter would be
> generally evil.

I never said system() is generally evil and I did not mean to imply that. Both system() and exec() have their uses, but you need to know *all* the rules in order to use them. The common pitfall when using system() is that you need to escape the string because it will be interpreted by the shell. Using exec() is one way to avoid that pitfall. Doing proper escaping is another, perfectly reasonable solution.

> To the contrary, e.g. using a function that submits
> things to 'sh -c' means we have a sane environment like a PATH and so
> forth.

Yeah, well ... that depends on whether you can presume the user does have a sane PATH variable. I'm inclined to believe the opposite, actually.


> I therefore suggest use of the attached function when calling system()
> or popen() where required. I believe this is low-risk, low-overhead,
> little work, a clean approach and can be done bit by bit.
>
> What do you say?

Proper escaping is not impossible, but it is pretty hard due to the arcane syntax of the shell. However, your previous message implied that the filenames are always passed inside double quotes, and therefore there are exactly three characters that need escaping. Since you have a very restricted escaping problem, I agree that escaping is a much easier solution than replacing system() by fork()/exec().

However, your proposed mr_stresc() function has two flaws:

1. New memory is allocated each time so you run the risk of a memory leak if the return value is not freed in the caller (and, indeed, it is not in the mondo patch you attach).

2. Not enough memory is allocated so you're going to overrun the buffer anytime there is a character to escape. Have a closer look at the manpage for strspn().



-Steve
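
An added example, not code from this thread or from the mondo patch: one way to escape a string for use inside shell double quotes that avoids both flaws listed above, by writing into a caller-owned buffer (nothing to free) and sizing for the worst case of two output bytes per input byte. The function names and the escaped set (`"`, `\`, `$` and backtick, the bytes POSIX sh treats specially inside double quotes) are assumptions; the thread does not list its characters.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed set: bytes that stay special inside a POSIX sh "..." string. */
static const char DQ_SPECIAL[] = "\"\\$`";

/* Bytes needed for the escaped copy of src, terminating NUL included. */
size_t dq_escaped_size(const char *src)
{
    size_t n = 1;
    for (; *src; src++)
        n += strchr(DQ_SPECIAL, *src) ? 2 : 1;
    return n;
}

/* Escape src into the caller-owned dst. Returns 0, or -1 (dst emptied)
 * when dstsize is too small; never writes past dst + dstsize. */
int dq_escape(const char *src, char *dst, size_t dstsize)
{
    if (dstsize < dq_escaped_size(src)) {
        if (dstsize > 0)
            dst[0] = '\0';
        return -1;
    }
    for (; *src; src++) {
        if (strchr(DQ_SPECIAL, *src))
            *dst++ = '\\';
        *dst++ = *src;
    }
    *dst = '\0';
    return 0;
}

int main(void)
{
    const char *name = "back`up $1 \"final\".iso";  /* constructed sample */
    char esc[2 * 64 + 1];                            /* worst case for 64 bytes */
    char cmd[256];

    if (dq_escape(name, esc, sizeof esc) != 0)
        return 1;
    /* The command is only printed here, not passed to system(). */
    snprintf(cmd, sizeof cmd, "ls -l \"%s\"", esc);
    puts(cmd);
    return 0;
}
```

The result is only safe when placed between double quotes in the command string; it is not a general-purpose shell escaper.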

