diff options
-rw-r--r-- | src/firejail/main.c | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 91f39ed71..28351a2df 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2008,8 +2008,26 @@ int main(int argc, char **argv) { | |||
2008 | int i; | 2008 | int i; |
2009 | int len = 0; | 2009 | int len = 0; |
2010 | int argcnt = argc - prog_index; | 2010 | int argcnt = argc - prog_index; |
2011 | for (i = 0; i < argcnt; i++) | 2011 | int j; |
2012 | len += strlen(argv[i + prog_index]) + 3; // + ' ' + 2 '"' | 2012 | char *arg, *arg_ptr, *token; |
2013 | |||
2014 | for (i = 0; i < argcnt; i++) { | ||
2015 | arg = strdup(argv[i + prog_index]); | ||
2016 | arg_ptr = arg; | ||
2017 | for (token = strsep(&arg_ptr, "\'"); token != NULL; token = strsep(&arg_ptr, "\'")) { | ||
2018 | if (token[0] == '\0') { | ||
2019 | len += 3; | ||
2020 | } else { | ||
2021 | len += strlen(token) + 5; | ||
2022 | } | ||
2023 | } | ||
2024 | free(arg); | ||
2025 | len -= 2; // + ' ' - 3 char overrun | ||
2026 | } | ||
2027 | len += 3; // for overrun | ||
2028 | |||
2029 | if (arg_debug) | ||
2030 | printf("Predicted command length %d\n", len); | ||
2013 | 2031 | ||
2014 | // build the string | 2032 | // build the string |
2015 | cfg.command_line = malloc(len + 1); // + '\0' | 2033 | cfg.command_line = malloc(len + 1); // + '\0' |
@@ -2022,12 +2040,31 @@ int main(int argc, char **argv) { | |||
2022 | char *ptr1 = cfg.command_line; | 2040 | char *ptr1 = cfg.command_line; |
2023 | char *ptr2 = cfg.window_title; | 2041 | char *ptr2 = cfg.window_title; |
2024 | for (i = 0; i < argcnt; i++) { | 2042 | for (i = 0; i < argcnt; i++) { |
2025 | sprintf(ptr1, "\'%s\' ", argv[i + prog_index]); | 2043 | // enclose args by single quotes, |
2026 | sprintf(ptr2, "%s ", argv[i + prog_index]); | 2044 | // and since single quote can't be represented in single quoted text |
2045 | // each occurence of it in arg should be enclosed by double quotes | ||
2046 | arg = strdup(argv[i + prog_index]); | ||
2047 | arg_ptr = arg; | ||
2048 | for (token = strsep(&arg_ptr, "\'"); token != NULL; token = strsep(&arg_ptr, "\'")) { | ||
2049 | if (token[0] == '\0') { | ||
2050 | sprintf(ptr1, "\"\'\""); | ||
2051 | } else { | ||
2052 | sprintf(ptr1, "\'%s\'\"\'\"", token); | ||
2053 | } | ||
2054 | ptr1 += strlen(ptr1); | ||
2055 | } | ||
2056 | free(arg); | ||
2057 | ptr1 -= 3; | ||
2027 | 2058 | ||
2059 | sprintf(ptr1, " "); | ||
2028 | ptr1 += strlen(ptr1); | 2060 | ptr1 += strlen(ptr1); |
2061 | |||
2062 | sprintf(ptr2, "%s ", argv[i + prog_index]); | ||
2029 | ptr2 += strlen(ptr2); | 2063 | ptr2 += strlen(ptr2); |
2030 | } | 2064 | } |
2065 | ptr1[0]='\0'; // just to be sure | ||
2066 | if (arg_debug) | ||
2067 | printf("Actual command length %zd\n", strlen(cfg.command_line)); | ||
2031 | } | 2068 | } |
2032 | 2069 | ||
2033 | assert(cfg.command_name); | 2070 | assert(cfg.command_name); |