From a725189c0accbf47b39f735d1f32a7b54ae91c6d Mon Sep 17 00:00:00 2001 From: "Mohamed A. Khalfella" Date: Mon, 14 Sep 2015 22:06:48 +0300 Subject: [PATCH] 5433 at(1) doesn't properly handle being invoked from a path containing spaces Reviewed by: Gary Mills Approved by: Dan McDonald --- usr/src/cmd/cron/at.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/usr/src/cmd/cron/at.c b/usr/src/cmd/cron/at.c index 37fe880ee293..68769c2f8a34 100644 --- a/usr/src/cmd/cron/at.c +++ b/usr/src/cmd/cron/at.c @@ -101,6 +101,7 @@ static int not_this_project(char *); static char *mkjobname(time_t); static time_t parse_time(char *); static time_t gtime(struct tm *); +static void escapestr(const char *); void atabort(char *)__NORETURN; void yyerror(void); extern int yyparse(void); @@ -545,6 +546,23 @@ struct tm *tptr; return (tv); } +/* + * Escape a string to be used inside the job shell script. + */ +static void +escapestr(const char *str) +{ + char c; + (void) putchar('\''); + while ((c = *str++) != '\0') { + if (c != '\'') + (void) putchar(c); + else + (void) fputs("'\\''", stdout); /* ' -> '\'' */ + } + (void) putchar('\''); +} + /* * make job file from proto + stdin */ @@ -633,12 +651,12 @@ copy(char *jobfile, FILE *inputfile, int when) } for (ep = environ; *ep; ep++) { - if (strchr(*ep, '\'') != NULL) - continue; if ((val = strchr(*ep, '=')) == NULL) continue; *val++ = '\0'; - printf("export %s; %s='%s'\n", *ep, *ep, val); + (void) printf("export %s; %s=", *ep, *ep); + escapestr(val); + (void) putchar('\n'); *--val = '='; } if ((pfp = fopen(pname1, "r")) == NULL && @@ -678,7 +696,7 @@ copy(char *jobfile, FILE *inputfile, int when) if (seteuid(effeusr) < 0) { atabort(CANTCHUID); } - printf("%s", dirbuf); + escapestr(dirbuf); break; case 'm': printf("%o", um);