Add '"' chars around every argument passed to bash

1 files changed, 3 insertions, 2 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 3a2da0852..c55d87364 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1188,11 +1188,12 @@ int main(int argc, char **argv) {
         }
         else {
                 // calculate the length of the command
+                // TODO: escape the '"' characters, and possibly others like '\' and '!' if they can cause problems
                 int i;
                 int len = 0;
                 int argcnt = argc - prog_index;
                 for (i = 0; i < argcnt; i++)
-                        len += strlen(argv[i + prog_index]) + 1; // + ' '
+                        len += strlen(argv[i + prog_index]) + 3; // + ' ' + 2 '"'
 
                 // build the string
                 cfg.command_line = malloc(len + 1); // + '\0'
@@ -1200,7 +1201,7 @@ int main(int argc, char **argv) {
                         errExit("malloc");
                 char *ptr = cfg.command_line;
                 for (i = 0; i < argcnt; i++) {
-                        sprintf(ptr, "%s ", argv[i + prog_index]);
+                        sprintf(ptr, "\"%s\" ", argv[i + prog_index]);
                         ptr += strlen(ptr);
                 }
         }