-rw-r--r-- | apt-pkg/contrib/gpgv.cc | 44 |
1 files changed, 16 insertions, 28 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index 2bf275f5c..c5557f899 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -356,6 +356,21 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(NULL); + /* concat the args into a string and try to run it like a shell + script to mitigate *OS 11 sandbox issues */ + + std::stringstream ss; + int j = 0; + for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a) + { + if(j != 0) + ss << " "; + ss << *a; + j++; + } + + std::string ArgString = ss.str(); + if (Debug) { std::clog << "Preparing to exec: "; @@ -393,34 +408,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, { if (statusfd != -1) dup2(fd[1], statusfd); - //I don't really C++, so I hope this is the best way to make a std::vector into a space separated C-string. - char *fullCmd = NULL; - char *tmpCmd = NULL; - bool firstTime = true; - int size = 0; - for (std::vector<const char *>::const_iterator a = Args.begin(); a != Args.end(); ++a) { - size = strlen(*a) + 1; //Plus one for \0 - if (fullCmd != NULL) { - size += strlen(fullCmd) + 1; //Plus one for space - if (tmpCmd != NULL) - free(tmpCmd); - tmpCmd = (char *)malloc(sizeof(char) * (strlen(fullCmd) + 1)); - strcpy(tmpCmd, fullCmd); - free(fullCmd); - } - fullCmd = (char *)malloc(sizeof(char) * size); - if (tmpCmd == NULL) - strcpy(fullCmd, *a); - else - sprintf(fullCmd, "%s %s\0", tmpCmd, *a); - } - if (tmpCmd != NULL) - free(tmpCmd); - if (fullCmd != NULL) { - RunCmd(fullCmd); - free(fullCmd); - } - //execvp(Args[0], (char **) &Args[0]); + execlp("sh", "sh", "-c", ArgString.c_str(), NULL); //run as a shell script instead apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str()); local_exit(EINTERNAL); } |
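Review bot: The loop in the first hunk joins `Args` with bare spaces (`ss << *a`), so once the string is handed to `sh -c` any argument containing whitespace, quotes, `$`, `;` or a glob character is re-split or interpreted by the shell instead of reaching gpgv as one word. `Args` presumably carries the `File` and `FileGPG` paths plus configuration-derived options, and this is the signature-verification path, so such a value can change what is verified or what is run. If the shell hop has to stay, single-quote every element and escape embedded single quotes before joining, as in the sketch below. `std::stringstream` also needs `<sstream>`, whose include is not visible in this hunk, and ExecGPGV's body starts and ends outside the hunk.

```cpp
   // Single-quote every argument so "sh -c" sees exactly one word per Args entry.
   std::string ArgString;
   for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
   {
      if (ArgString.empty() == false)
	 ArgString += ' ';
      ArgString += '\'';
      for (const char *c = *a; *c != '\0'; ++c)
      {
	 if (*c == '\'')
	    ArgString += "'\\''";   // close the quote, emit an escaped quote, reopen
	 else
	    ArgString += *c;
      }
      ArgString += '\'';
   }
   // … unchanged: Debug "Preparing to exec" block …
```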
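Review bot: `execlp("sh", "sh", "-c", ArgString.c_str(), NULL)` in the second hunk resolves `sh` through `PATH` and ends a variadic argument list with a bare `NULL`, which in C++ may be an integer constant rather than a pointer. For a verification helper that can run privileged, name the shell by absolute path and cast the sentinel: `execl("/bin/sh", "sh", "-c", ArgString.c_str(), (char *)NULL);` (with whatever absolute path the target platform ships). The `apt_error` call that follows still reports `Args[0]`, although after this change it is reached only when the shell itself could not be executed. A missing gpgv would presumably surface as the shell's exit status instead of `EINTERNAL`, which deserves a comment at the call site such as `// reached only if sh cannot be exec'd; a missing gpgv is reported by sh's exit status`.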