diff options
| author | Robin Haberkorn <robin.haberkorn@googlemail.com> | 2025-02-27 01:09:21 +0300 |
|---|---|---|
| committer | Robin Haberkorn <robin.haberkorn@googlemail.com> | 2025-02-27 01:09:21 +0300 |
| commit | a338e1a880cf14cad6034bd6d837e0f3c35756b9 (patch) | |
| tree | 14ebcc2af86913923492d18dbb0281a09aa39b31 /src/spawn.c | |
| parent | ccf9ee2465497983b78e2b354926bcd390f27615 (diff) | |
| download | sciteco-a338e1a880cf14cad6034bd6d837e0f3c35756b9.tar.gz | |
EC/EG command: check for null-bytes in $COMSPEC/$SHELL
Environment variables will of course never contain null-bytes.
However you can always set them later on from TECO code and include nulls.
We therefore everywhere check for null-bytes in all registers used as null-terminated strings
to avoid unexpected behavior.
Diffstat (limited to 'src/spawn.c')
| -rw-r--r-- | src/spawn.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/spawn.c b/src/spawn.c index 4a622ef..e44ecc4 100644 --- a/src/spawn.c +++ b/src/spawn.c @@ -129,11 +129,13 @@ teco_parse_shell_command_line(const gchar *cmdline, GError **error) teco_string_t comspec; if (!reg->vtable->get_string(reg, &comspec.data, &comspec.len, NULL, error)) return NULL; + if (teco_string_contains(&comspec, '\0')) { + teco_string_clear(&comspec); + teco_error_qregcontainsnull_set(error, "$COMSPEC", 8, FALSE); + return NULL; + } argv = g_new(gchar *, 5); - /* - * FIXME: What if $COMSPEC contains null-bytes? - */ argv[0] = comspec.data; argv[1] = g_strdup("/q"); argv[2] = g_strdup("/c"); @@ -148,11 +150,13 @@ teco_parse_shell_command_line(const gchar *cmdline, GError **error) teco_string_t shell; if (!reg->vtable->get_string(reg, &shell.data, &shell.len, NULL, error)) return NULL; + if (teco_string_contains(&shell, '\0')) { + teco_string_clear(&shell); + teco_error_qregcontainsnull_set(error, "$SHELL", 6, FALSE); + return NULL; + } argv = g_new(gchar *, 4); - /* - * FIXME: What if $SHELL contains null-bytes? - */ argv[0] = shell.data; argv[1] = g_strdup("-c"); argv[2] = g_strdup(cmdline); |