diff options
author | Will Andrews <will@FreeBSD.org> | 2001-01-04 19:05:49 +0000 |
---|---|---|
committer | Will Andrews <will@FreeBSD.org> | 2001-01-04 19:05:49 +0000 |
commit | c494ed80cd5f974624ed21b0036155ab7ffcfe86 (patch) | |
tree | 42d2262b0bc1f89c980f46c27485cf58b6a006e1 /usr.bin/apply/apply.c | |
parent | 94648ce60de9cefc6bae75122d7fac8919072145 (diff) | |
download | src-c494ed80cd5f974624ed21b0036155ab7ffcfe86.tar.gz src-c494ed80cd5f974624ed21b0036155ab7ffcfe86.zip |
BDECFLAGS; de-__P()-ify, ANSIfy, use snprintf() instead of sprintf(),
especially on strings passed from argv; rename system() to exec_shell(),
and make it static; use strlcpy() and make sure it works; use proper
type (size_t) to be passed to malloc()/realloc().
Use getusershell() to make sure the SHELL environment variable passed is
safe to use. Add new option -s to allow anal users to pass things like
perl; this option is here along with getusershell() checking since the
such checking is only intended to affect things like suidperl that might
call apply(1).
Reviewed by: markm, jhb, C. Stephen Gunn <csg@waterspout.com>
Notes
Notes:
svn path=/head/; revision=70669
Diffstat (limited to 'usr.bin/apply/apply.c')
-rw-r--r-- | usr.bin/apply/apply.c | 63 |
1 files changed, 40 insertions, 23 deletions
diff --git a/usr.bin/apply/apply.c b/usr.bin/apply/apply.c index 05e086d4eaf0..fe721691a6c7 100644 --- a/usr.bin/apply/apply.c +++ b/usr.bin/apply/apply.c @@ -55,21 +55,23 @@ static const char rcsid[] = #include <string.h> #include <unistd.h> -void usage __P((void)); -int system __P((const char *)); +void usage (void); +static int exec_shell (const char *); + +static unsigned int prespecified; +static char *shell; int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char **argv) { - int ch, clen, debug, i, l, magic, n, nargs, rval; + int ch, debug, i, magic, n, nargs, rval; + size_t clen, l; char *c, *cmd, *p, *q; debug = 0; magic = '%'; /* Default magic char is `%'. */ nargs = -1; - while ((ch = getopt(argc, argv, "a:d0123456789")) != -1) + while ((ch = getopt(argc, argv, "a:ds:0123456789")) != -1) switch (ch) { case 'a': if (optarg[1] != '\0') @@ -80,6 +82,10 @@ main(argc, argv) case 'd': debug = 1; break; + case 's': + prespecified = 1; + shell = optarg; + break; case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (nargs != -1) @@ -124,9 +130,9 @@ main(argc, argv) nargs = 1; p = cmd; - p += sprintf(cmd, "exec %s", argv[0]); + p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]); for (i = 1; i <= nargs; i++) - p += sprintf(p, " %c%d", magic, i); + p += snprintf(p, sizeof(p), " %c%d", magic, i); /* * If nargs set to the special value 0, eat a single @@ -135,7 +141,7 @@ main(argc, argv) if (nargs == 0) nargs = 1; } else { - (void)sprintf(cmd, "exec %s", argv[0]); + (void)snprintf(cmd, sizeof(cmd), "exec %s", argv[0]); nargs = n; } @@ -165,7 +171,7 @@ main(argc, argv) /* Expand command argv references. */ for (p = cmd, q = c; *p != '\0'; ++p) if (p[0] == magic && isdigit(p[1]) && p[1] != '0') - q += sprintf(q, "%s", argv[(++p)[0] - '0']); + q += snprintf(q, sizeof(q), "%s", argv[(++p)[0] - '0']); else *q++ = *p; @@ -176,7 +182,7 @@ main(argc, argv) if (debug) (void)printf("%s\n", c); else - if (system(c)) + if (exec_shell(c)) rval = 1; } @@ -187,28 +193,39 @@ main(argc, argv) } /* - * system -- + * exec_shell -- * Private version of system(3). Use the user's SHELL environment * variable as the shell to execute. */ -int -system(command) - const char *command; +static int +exec_shell(const char *command) { - static char *name, *shell; + static char *name; + char *tmpshell; pid_t pid; int omask, pstat; sig_t intsave, quitsave; + unsigned int okshell = 0; if (shell == NULL) { if ((shell = getenv("SHELL")) == NULL) - shell = _PATH_BSHELL; - if ((name = strrchr(shell, '/')) == NULL) - name = shell; - else + if (strlcpy(shell, _PATH_BSHELL, sizeof(shell)) != strlen(shell)) + err(1, "strlcpy() failed"); + if ((name = strrchr(shell, '/')) == NULL) { + if (strlcpy(name, shell, sizeof(name)) != strlen(shell)) + err(1, "strlcpy() failed"); + } else { ++name; + } } - if (!command) /* just checking... */ + + /* Now double-check to make sure the shell is friendly */ + if (!prespecified) + while((tmpshell = getusershell()) != NULL) + if (strcmp((const char *)tmpshell, (const char *)shell) == 0) + okshell = 1; + + if (!command || !okshell) /* just checking... */ return(1); omask = sigblock(sigmask(SIGCHLD)); @@ -235,6 +252,6 @@ usage() { (void)fprintf(stderr, - "usage: apply [-a magic] [-d] [-0123456789] command arguments ...\n"); + "usage: apply [-a magic] [-d] [-s shell] [-0123456789] command arguments ...\n"); exit(1); } |