From 7f1cc068964e3b94394fccb1579248c59e6991c2 Mon Sep 17 00:00:00 2001
From: Junghyun Yeon <jungh.yeon@samsung.com>
Date: Thu, 12 Jan 2017 20:00:59 +0900
Subject: [PATCH] Change to add quote using g_shell_quote in some parameter

- Inserting double quote will not cover if filepath contains double quote
- using g_shell_quote handles this correctly

Change-Id: Ib519c4c40536b3bcc78e2287e72542b822715c84
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
---
 src/pkgmgr-server.c | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/src/pkgmgr-server.c b/src/pkgmgr-server.c
index 4dd532e..cf55a28 100644
--- a/src/pkgmgr-server.c
+++ b/src/pkgmgr-server.c
@@ -689,19 +689,28 @@ static int __process_install(struct backend_job *job)
 	char *backend_cmd;
 	char **argv;
 	char args[MAX_PKG_ARGS_LEN];
+	gchar *req_id;
+	gchar *pkgid;
 	int pid;
 
 	backend_cmd = job->backend_path;
 	if (backend_cmd == NULL)
 		return -1;
 
-	snprintf(args, sizeof(args), "%s -k \"%s\" -i \"%s\" -u %d %s", backend_cmd,
-			job->req_id, job->pkgid, (int)job->target_uid, job->args);
+	req_id = g_shell_quote(job->req_id);
+	pkgid = g_shell_quote(job->pkgid);
+	if (!req_id || !pkgid)
+		return -1;
+
+	snprintf(args, sizeof(args), "%s -k %s -i %s -u %d %s", backend_cmd,
+			req_id, pkgid, (int)job->target_uid, job->args);
 
 	argv = __generate_argv(args);
 
 	pid = __fork_and_exec_with_args(argv, APPFW_UID);
 	g_strfreev(argv);
+	g_free(req_id);
+	g_free(pkgid);
 
 	return pid;
 }
@@ -711,19 +720,28 @@ static int __process_mount_install(struct backend_job *job)
 	char *backend_cmd;
 	char **argv;
 	char args[MAX_PKG_ARGS_LEN];
+	gchar *req_id;
+	gchar *pkgid;
 	int pid;
 
 	backend_cmd = job->backend_path;
 	if (backend_cmd == NULL)
 		return -1;
 
-	snprintf(args, sizeof(args), "%s -k \"%s\" -w \"%s\" -u %d %s", backend_cmd,
-			job->req_id, job->pkgid, (int)job->target_uid, job->args);
+	req_id = g_shell_quote(job->req_id);
+	pkgid = g_shell_quote(job->pkgid);
+	if (!req_id || !pkgid)
+		return -1;
+
+	snprintf(args, sizeof(args), "%s -k %s -w %s -u %d %s", backend_cmd,
+			req_id, pkgid, (int)job->target_uid, job->args);
 
 	argv = __generate_argv(args);
 
 	pid = __fork_and_exec_with_args(argv, APPFW_UID);
 	g_strfreev(argv);
+	g_free(req_id);
+	g_free(pkgid);
 
 	return pid;
 }
@@ -733,19 +751,28 @@ static int __process_reinstall(struct backend_job *job)
 	char *backend_cmd;
 	char **argv;
 	char args[MAX_PKG_ARGS_LEN];
+	gchar *req_id;
+	gchar *pkgid;
 	int pid;
 
 	backend_cmd = job->backend_path;
 	if (backend_cmd == NULL)
 		return -1;
 
-	snprintf(args, sizeof(args), "%s -k \"%s\" -r \"%s\" -u %d", backend_cmd,
-			job->req_id, job->pkgid, (int)job->target_uid);
+	req_id = g_shell_quote(job->req_id);
+	pkgid = g_shell_quote(job->pkgid);
+	if (!req_id || !pkgid)
+		return -1;
+
+	snprintf(args, sizeof(args), "%s -k %s -r %s -u %d", backend_cmd,
+			req_id, pkgid, (int)job->target_uid);
 	argv = __generate_argv(args);
 
 	pid = __fork_and_exec_with_args(argv, APPFW_UID);
 
 	g_strfreev(argv);
+	g_free(req_id);
+	g_free(pkgid);
 
 	return pid;
 }
-- 
2.7.4