From c75620dcfa749f8030e0180df44eec746402885d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 19 Mar 2017 13:53:33 +0100 Subject: Fix and avoid quoting in CommandLine::AsString MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the intended usecase where this serves as a hack there is no problem with double/single quotes being present as we write it to a log file only, but nowadays our calling of apt-key produces a temporary config file containing this "setting" as well and suddently quoting is important as the config file syntax is allergic to it. So the fix is to ignore all quoting whatsoever in the input and just quote (with singles) the option values with spaces. That gives us 99% of the time the correct result and the 1% where the quote is an integral element of the option … doesn't exist – or has bigger problems than a log file not containing the quote. Same goes for newlines in values. LP: #1672710 (cherry picked from commit 2ce15bdeac6ee93faefd4b42b57f035bef80c567) --- apt-pkg/contrib/cmndline.cc | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/contrib/cmndline.cc b/apt-pkg/contrib/cmndline.cc index c8a6e2787..029ec3060 100644 --- a/apt-pkg/contrib/cmndline.cc +++ b/apt-pkg/contrib/cmndline.cc @@ -402,21 +402,27 @@ void CommandLine::SaveInConfig(unsigned int const &argc, char const * const * co bool closeQuote = false; for (unsigned int i = 0; i < argc && length < sizeof(cmdline); ++i, ++length) { - for (unsigned int j = 0; argv[i][j] != '\0' && length < sizeof(cmdline)-1; ++j, ++length) + for (unsigned int j = 0; argv[i][j] != '\0' && length < sizeof(cmdline)-2; ++j) { - cmdline[length] = argv[i][j]; + // we can't really sensibly deal with quoting so skip it + if (strchr("\"\'\r\n", argv[i][j]) != nullptr) + continue; + cmdline[length++] = argv[i][j]; if (lastWasOption == true && argv[i][j] == '=') { // That is possibly an option: Quote it if it includes spaces, // the benefit is that this will eliminate also most false positives const char* c = strchr(&argv[i][j+1], ' '); if (c == NULL) continue; - cmdline[++length] = '"'; + cmdline[length++] = '\''; closeQuote = true; } } if (closeQuote == true) - cmdline[length++] = '"'; + { + cmdline[length++] = '\''; + closeQuote = false; + } // Problem: detects also --hello if (cmdline[length-1] == 'o') lastWasOption = true; -- cgit v1.2.3