diff options
| author | Ron Yorston <rmy@pobox.com> | 2023-04-23 13:11:30 +0100 |
|---|---|---|
| committer | Ron Yorston <rmy@pobox.com> | 2023-04-23 15:12:44 +0100 |
| commit | 3354901c71c3b035be7edc6fd17e0a9b20c7adc0 (patch) | |
| tree | 86b80623af704511cadf3cc5b52ae4a6b1b6350a /loginutils/suw32.c | |
| parent | 0575aaaa0779812752427badbc0f80a09aac02a4 (diff) | |
| download | busybox-w32-3354901c71c3b035be7edc6fd17e0a9b20c7adc0.tar.gz busybox-w32-3354901c71c3b035be7edc6fd17e0a9b20c7adc0.tar.bz2 busybox-w32-3354901c71c3b035be7edc6fd17e0a9b20c7adc0.zip | |
su: properly quote command
Previously the command passed to the elevated shell was placed
in literal double quotes on the command line. Instead it should
be subject to full quoting by the quote_arg() function.
Tweak command line processing.
Costs 24-32 bytes.
Diffstat (limited to 'loginutils/suw32.c')
| -rw-r--r-- | loginutils/suw32.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/loginutils/suw32.c b/loginutils/suw32.c index 3500c08db..79637dd77 100644 --- a/loginutils/suw32.c +++ b/loginutils/suw32.c | |||
| @@ -27,14 +27,19 @@ | |||
| 27 | int suw32_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | 27 | int suw32_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
| 28 | int suw32_main(int argc UNUSED_PARAM, char **argv) | 28 | int suw32_main(int argc UNUSED_PARAM, char **argv) |
| 29 | { | 29 | { |
| 30 | char *opt_command = NULL; | ||
| 31 | SHELLEXECUTEINFO info; | 30 | SHELLEXECUTEINFO info; |
| 32 | char *bb_path, *cwd; | 31 | unsigned opts, c_opt; |
| 32 | char *command, *bb_path, *cwd; | ||
| 33 | DECLARE_PROC_ADDR(BOOL, ShellExecuteExA, SHELLEXECUTEINFOA *); | 33 | DECLARE_PROC_ADDR(BOOL, ShellExecuteExA, SHELLEXECUTEINFOA *); |
| 34 | 34 | ||
| 35 | getopt32(argv, "c:", &opt_command); | 35 | opts = getopt32(argv, "c"); |
| 36 | if (argv[optind]) | 36 | c_opt = opts & 1; |
| 37 | argv += optind; | ||
| 38 | command = c_opt ? *argv++ : NULL; | ||
| 39 | if ((c_opt && !command) || (!c_opt && command) || *argv) { | ||
| 40 | // -c without CMD, operand without -c , or surplus arguments | ||
| 37 | bb_show_usage(); | 41 | bb_show_usage(); |
| 42 | } | ||
| 38 | 43 | ||
| 39 | /* ShellExecuteEx() needs backslash as separator in UNC paths. */ | 44 | /* ShellExecuteEx() needs backslash as separator in UNC paths. */ |
| 40 | bb_path = xstrdup(bb_busybox_exec_path); | 45 | bb_path = xstrdup(bb_busybox_exec_path); |
| @@ -58,10 +63,12 @@ int suw32_main(int argc UNUSED_PARAM, char **argv) | |||
| 58 | */ | 63 | */ |
| 59 | cwd = xmalloc_realpath(getcwd(NULL, 0)); | 64 | cwd = xmalloc_realpath(getcwd(NULL, 0)); |
| 60 | info.lpParameters = | 65 | info.lpParameters = |
| 61 | xasprintf("--busybox ash -d \"%s\" -t \"BusyBox ash (Admin)\" ", cwd); | 66 | xasprintf("--busybox ash -d %s -t \"BusyBox ash (Admin)\"", |
| 62 | if (opt_command) | 67 | quote_arg(cwd)); |
| 63 | info.lpParameters = | 68 | if (c_opt) { |
| 64 | xasprintf("%s -s -c \"%s\"", info.lpParameters, opt_command); | 69 | info.lpParameters = xappendword(info.lpParameters, "-s -c --"); |
| 70 | info.lpParameters = xappendword(info.lpParameters, quote_arg(command)); | ||
| 71 | } | ||
| 65 | /* info.lpDirectory = NULL; */ | 72 | /* info.lpDirectory = NULL; */ |
| 66 | info.nShow = SW_SHOWNORMAL; | 73 | info.nShow = SW_SHOWNORMAL; |
| 67 | 74 | ||