From 4d9c902970c275d7eec39ef0c44cc1b611a09122 Mon Sep 17 00:00:00 2001
From: Cassio de Campos
Date: Fri, 4 Aug 2017 11:25:22 +0100
Subject: more checks for string issues
---
tools/boca-submit-run-root-wrapper.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
(limited to 'tools/boca-submit-run-root-wrapper.c')
diff --git a/tools/boca-submit-run-root-wrapper.c b/tools/boca-submit-run-root-wrapper.c
index 6e8ca66..94ba282 100644
--- a/tools/boca-submit-run-root-wrapper.c
+++ b/tools/boca-submit-run-root-wrapper.c
@@ -2,10 +2,26 @@
 #include
 #include
 #include
-char str[10000];
+char str[3000];
+char *clean(char *s) {
+ int i;
+ if(s[0]=='"') s++;
+ for(i=0; i < 299 && s[i]; ++i) {
+ if(s[i] == '"' ||
+ s[i] == '\\' ||
+ s[i] == '$' ||
+ s[i] == '`') {
+ if(s[i+1] == 0) s[i]=0;
+ else s[i]='_';
+ }
+ }
+ if(i >= 299) s[i]=0;
+ return s;
+}
 int main(int argc, char **argv) {
 if(argc != 8) return 1;
- sprintf(str,"/usr/bin/boca-submit-run-root %1000s %1000s %1000s %1000s %1000s %1000s %1000s",argv[1],argv[2],argv[3],argv[4],argv[5],argv[6],argv[7]);
+ sprintf(str,"/usr/bin/boca-submit-run-root \"%300s\" \"%300s\" \"%300s\" \"%300s\" \"%300s\" \"%300s\" \"%300s\"",
+ clean(argv[1]),clean(argv[2]),clean(argv[3]),clean(argv[4]),clean(argv[5]),clean(argv[6]),clean(argv[7]));
 setuid(0);
 system(str);
 return 0;
-- 
cgit v1.2.3
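Review bot: `%300s` in the new `sprintf` format is a minimum field width rather than a limit, so any argument shorter than 300 characters is left-padded with spaces, and because the arguments are now quoted that padding is passed to `/usr/bin/boca-submit-run-root` as part of each argument. The bound that keeps `str[3000]` from overflowing comes only from the 299-character cut in `clean()`, which also rewrites `argv` in place; `%.300s` would state the intended cap in the format itself. Since the wrapper calls `setuid(0)` and then `system()`, a character blacklist still leaves shell parsing and the caller's environment on the path to a root process. Handing the seven arguments to `execv` directly removes the quoting problem, assuming the target is a binary or a script with a `#!` line, and any length limit would then be checked explicitly before the call. The return value of `setuid(0)` should be checked as well; `main` closes outside the hunk.

```c
int main(int argc, char **argv) {
  if(argc != 8) return 1;
  /* pass the arguments as an argv vector: no shell, so no quoting or padding */
  char *args[] = { "/usr/bin/boca-submit-run-root",
                   argv[1], argv[2], argv[3], argv[4],
                   argv[5], argv[6], argv[7], NULL };
  if(setuid(0) != 0) return 1;   /* do not continue if the privilege change failed */
  execv(args[0], args);
  return 1;                      /* reached only when execv itself fails */
```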