Correctly quote and escape arguments passed to external commands (#787203)
Trying to set a file system label to (including the double quotes): " --help " fails. For example labelling an ext4 file system would try to run this command: # e2label /dev/sdb1 "" --help "" Usage: e2label device [newlabel] # echo $? 1 Alternatively trying to create a file system with a label of just a double quote also fails. The Applying Pending Operations dialog waits forever and won't cancel or force cancel. Have to use the window manager close window button to close the dialog. Also GParted reports this error to the console: (gpartedbin:9648): glibmm-CRITICAL **: unhandled exception (type Glib::Error) in signal handler: domain: g-shell-error-quark code : 0 what : Text ended before matching quote was found for ". (The text was 'mkfs.xfs -f -L """ /dev/sdb2') Command strings are parsed and split into argv array by function Glib::shell_parse_argv() which calls internal glib function tokenize_command_line() for shell tokenization. It expects the command string to be properly quoted and escaped and after tokenization, calls g_shell_unquote() on every parsed argument. So to prevent constructing incorrect commands, every non-static string needs to be properly quoted. GParted only puts labels and mount points into double quotes, but has not escaped special characters in those values itself. This patch fixes all these problems by using Glib::shell_quote() on all variable values. Labels, mount points, paths and all others too. Probably a better solution would be to use a new function which takes argv array instead of one string with all the, correctly quoted and escaped, arguments concatenated together. Bug 787203 - Correctly quote and escape arguments of external programs passed to execute_command()
parent
f4220523
Please register or sign in to comment