Fixed buffer problems in doShellEscape

When the output from a command is empty, nothing stops doShellEscape from
chopping newlines past the beginning of the buffer.  This problem was first
identified by Dmitry V. Levin in July 2009.

Also, there is an off-by-one error in replacing trailing '\n' with '\0'.
This problem, however, escaped the attention of Dmitry V. Levin in July 2009.

Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
This commit is contained in:
Alexey Tourbin 2013-02-07 03:44:41 +00:00 committed by Panu Matilainen
parent cca91666d0
commit 2d647098c8
1 changed files with 5 additions and 3 deletions

View File

@ -480,14 +480,16 @@ doShellEscape(MacroBuf mb, const char * cmd, size_t clen)
rc = 1; rc = 1;
goto exit; goto exit;
} }
size_t tpos = mb->tpos;
while((c = fgetc(shf)) != EOF) { while((c = fgetc(shf)) != EOF) {
mbAppend(mb, c); mbAppend(mb, c);
} }
(void) pclose(shf); (void) pclose(shf);
/* XXX delete trailing \r \n */ /* Delete trailing \r \n */
while (iseol(mb->buf[mb->tpos-1])) { while (mb->tpos > tpos && iseol(mb->buf[mb->tpos-1])) {
mb->buf[mb->tpos--] = '\0'; mb->buf[--mb->tpos] = '\0';
mb->nb++; mb->nb++;
} }