qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/3] configure: quote command line arguments in config.status

From: Eric Blake
Subject: Re: [PATCH 1/3] configure: quote command line arguments in config.status
Date: Mon, 14 Sep 2020 14:17:10 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 
On 9/13/20 5:05 AM, Paolo Bonzini wrote:

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
  configure | 6 +++++-
  1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 53723ace57..beae010e39 100755
--- a/configure
+++ b/configure
@@ -89,6 +89,10 @@ printf " '%s'" "$0" "$@" >> config.log
  echo >> config.log
  echo "#" >> config.log
+quote_sh() { 
+    printf "'%s'" "$(echo "$1" | sed "s,','\\',")"
This is unsafe if $1 starts with - or contains \. Better is using printf. It also eats any trailing newlines in $1, although that may be less of a concern. 


+}
+
  print_error() {
      (echo
      echo "ERROR: $1"
@@ -8061,7 +8065,7 @@ preserve_env WINDRES
printf "exec" >>config.status 
  for i in "$0" "$@"; do
-  test "$i" = --skip-meson || printf " '%s'" "$i" >>config.status
+  test "$i" = --skip-meson || printf " %s" "$(quote_sh $i)" >>config.status


And this unquoted use of $i is wrong.


  done
  echo ' "$@"' >>config.status
  chmod +x config.status



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]