- Inserting double quote will not cover if filepath contains double quote
- using g_shell_quote handles this correctly
Change-Id: Ib519c4c40536b3bcc78e2287e72542b822715c84
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
char *backend_cmd;
char **argv;
char args[MAX_PKG_ARGS_LEN];
char *backend_cmd;
char **argv;
char args[MAX_PKG_ARGS_LEN];
+ gchar *req_id;
+ gchar *pkgid;
int pid;
backend_cmd = job->backend_path;
if (backend_cmd == NULL)
return -1;
int pid;
backend_cmd = job->backend_path;
if (backend_cmd == NULL)
return -1;
- snprintf(args, sizeof(args), "%s -k \"%s\" -i \"%s\" -u %d %s", backend_cmd,
- job->req_id, job->pkgid, (int)job->target_uid, job->args);
+ req_id = g_shell_quote(job->req_id);
+ pkgid = g_shell_quote(job->pkgid);
+ if (!req_id || !pkgid)
+ return -1;
+
+ snprintf(args, sizeof(args), "%s -k %s -i %s -u %d %s", backend_cmd,
+ req_id, pkgid, (int)job->target_uid, job->args);
argv = __generate_argv(args);
pid = __fork_and_exec_with_args(argv, APPFW_UID);
g_strfreev(argv);
argv = __generate_argv(args);
pid = __fork_and_exec_with_args(argv, APPFW_UID);
g_strfreev(argv);
+ g_free(req_id);
+ g_free(pkgid);
char *backend_cmd;
char **argv;
char args[MAX_PKG_ARGS_LEN];
char *backend_cmd;
char **argv;
char args[MAX_PKG_ARGS_LEN];
+ gchar *req_id;
+ gchar *pkgid;
int pid;
backend_cmd = job->backend_path;
if (backend_cmd == NULL)
return -1;
int pid;
backend_cmd = job->backend_path;
if (backend_cmd == NULL)
return -1;
- snprintf(args, sizeof(args), "%s -k \"%s\" -w \"%s\" -u %d %s", backend_cmd,
- job->req_id, job->pkgid, (int)job->target_uid, job->args);
+ req_id = g_shell_quote(job->req_id);
+ pkgid = g_shell_quote(job->pkgid);
+ if (!req_id || !pkgid)
+ return -1;
+
+ snprintf(args, sizeof(args), "%s -k %s -w %s -u %d %s", backend_cmd,
+ req_id, pkgid, (int)job->target_uid, job->args);
argv = __generate_argv(args);
pid = __fork_and_exec_with_args(argv, APPFW_UID);
g_strfreev(argv);
argv = __generate_argv(args);
pid = __fork_and_exec_with_args(argv, APPFW_UID);
g_strfreev(argv);
+ g_free(req_id);
+ g_free(pkgid);
char *backend_cmd;
char **argv;
char args[MAX_PKG_ARGS_LEN];
char *backend_cmd;
char **argv;
char args[MAX_PKG_ARGS_LEN];
+ gchar *req_id;
+ gchar *pkgid;
int pid;
backend_cmd = job->backend_path;
if (backend_cmd == NULL)
return -1;
int pid;
backend_cmd = job->backend_path;
if (backend_cmd == NULL)
return -1;
- snprintf(args, sizeof(args), "%s -k \"%s\" -r \"%s\" -u %d", backend_cmd,
- job->req_id, job->pkgid, (int)job->target_uid);
+ req_id = g_shell_quote(job->req_id);
+ pkgid = g_shell_quote(job->pkgid);
+ if (!req_id || !pkgid)
+ return -1;
+
+ snprintf(args, sizeof(args), "%s -k %s -r %s -u %d", backend_cmd,
+ req_id, pkgid, (int)job->target_uid);
argv = __generate_argv(args);
pid = __fork_and_exec_with_args(argv, APPFW_UID);
g_strfreev(argv);
argv = __generate_argv(args);
pid = __fork_and_exec_with_args(argv, APPFW_UID);
g_strfreev(argv);
+ g_free(req_id);
+ g_free(pkgid);