From a338e1a880cf14cad6034bd6d837e0f3c35756b9 Mon Sep 17 00:00:00 2001 From: Robin Haberkorn Date: Thu, 27 Feb 2025 01:09:21 +0300 Subject: EC/EG command: check for null-bytes in $COMSPEC/$SHELL Environment variables will of course never contain null-bytes. However you can always set them later on from TECO code and include nulls. We therefore everywhere check for null-bytes in all registers used as null-terminated strings to avoid unexpected behavior. --- src/spawn.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/spawn.c b/src/spawn.c index 4a622ef..e44ecc4 100644 --- a/src/spawn.c +++ b/src/spawn.c @@ -129,11 +129,13 @@ teco_parse_shell_command_line(const gchar *cmdline, GError **error) teco_string_t comspec; if (!reg->vtable->get_string(reg, &comspec.data, &comspec.len, NULL, error)) return NULL; + if (teco_string_contains(&comspec, '\0')) { + teco_string_clear(&comspec); + teco_error_qregcontainsnull_set(error, "$COMSPEC", 8, FALSE); + return NULL; + } argv = g_new(gchar *, 5); - /* - * FIXME: What if $COMSPEC contains null-bytes? - */ argv[0] = comspec.data; argv[1] = g_strdup("/q"); argv[2] = g_strdup("/c"); @@ -148,11 +150,13 @@ teco_parse_shell_command_line(const gchar *cmdline, GError **error) teco_string_t shell; if (!reg->vtable->get_string(reg, &shell.data, &shell.len, NULL, error)) return NULL; + if (teco_string_contains(&shell, '\0')) { + teco_string_clear(&shell); + teco_error_qregcontainsnull_set(error, "$SHELL", 6, FALSE); + return NULL; + } argv = g_new(gchar *, 4); - /* - * FIXME: What if $SHELL contains null-bytes? - */ argv[0] = shell.data; argv[1] = g_strdup("-c"); argv[2] = g_strdup(cmdline); -- cgit v1.2.3