commit 2b7cd725d0612f13eb5a461778ca525cd489119b

Author: Masatake YAMATO <yamato@redhat.com>

Date:   Tue Dec 13 05:16:00 2022 +0900

    main: quote output file name before passing it to system(3) function

    Following command line doesn't work:

          $ ctags -o 'a b' ...

    because a shell lauched from system(3) deals a whitespace between 'a'

    and 'b' as a separator. The output file name is passed to system(3)

    to run external sort command.

    This commit adds code to put double and single quoets around the output

    file name before passing it to system(3).

    The issue is reported by Lorenz Hipp <lhipp@idealbonn.de> in a private mail.

    This commit is based on e00c55d7a0204dc1d0ae316141323959e1e16162 of

    Universal Ctags <https://github.com/universal-ctags/ctags>.

    An example session of RHEL8:

      [yamato@control]/tmp/ctags-5.8% git clone ssh://git@gitlab.consulting.redhat.com:2222/yamato/temp-test.git

      Cloning into 'temp-test'...

      Enter passphrase for key '/home/yamato/.ssh/id_rsa':

      remote: Enumerating objects: 4, done.

      remote: Counting objects: 100% (4/4), done.

      remote: Compressing objects: 100% (4/4), done.

      remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0

      Receiving objects: 100% (4/4), done.

      [yamato@control]/tmp/ctags-5.8% cd temp-test

      [yamato@control]/tmp/ctags-5.8/temp-test% ls -l ~/.ctags

      ls: cannot access '/home/yamato/.ctags': No such file or directory

      [yamato@control]/tmp/ctags-5.8/temp-test% ../ctags hello.c

      [yamato@control]/tmp/ctags-5.8/temp-test% ls

       hello.c  'tags tags; echo Hi $(id -un), your systems is cracked!'

      [yamato@control]/tmp/ctags-5.8/temp-test% valgrind ../ctags hello.c

      ==2076943== Memcheck, a memory error detector

      ==2076943== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.

      ==2076943== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info

      ==2076943== Command: ../ctags hello.c

      ==2076943==

      ==2076943==

      ==2076943== HEAP SUMMARY:

      ==2076943==     in use at exit: 0 bytes in 0 blocks

      ==2076943==   total heap usage: 5,048 allocs, 5,048 frees, 365,311 bytes allocated

      ==2076943==

      ==2076943== All heap blocks were freed -- no leaks are possible

      ==2076943==

      ==2076943== For lists of detected and suppressed errors, rerun with: -s

      ==2076943== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

    Signed-off-by: Masatake YAMATO <yamato@redhat.com>

diff --git a/sort.c b/sort.c

index 09ba87a..fd60a94 100644

--- a/sort.c

+++ b/sort.c

@@ -53,17 +53,44 @@ extern void catFile (const char *const name)

 # define PE_CONST const

 #endif

+/*

+   Output file name should not be evaluated in system(3) function.

+   The name must be used as is. Quotations are required to block the

+   evaluation.

+

+   Normal single-quotes are used to quote a cstring:

+   a => 'a'

+   " => '"'

+

+   If a single-quote is included in the cstring, use double quotes for quoting it.

+   ' => ''"'"''

+*/

+static void appendCstringWithQuotes (vString *dest, const char* cstr)

+{

+	const char* o;

+

+	vStringPut (dest, '\'');

+	for (o = cstr; *o; o++)

+	{

+		if (*o == '\'')

+			vStringCatS (dest, "'\"'\"'");

+		else

+			vStringPut (dest, *o);

+	}

+	vStringPut (dest, '\'');

+}

+

 extern void externalSortTags (const boolean toStdout)

 {

 	const char *const sortNormalCommand = "sort -u -o";

 	const char *const sortFoldedCommand = "sort -u -f -o";

 	const char *sortCommand =

 		Option.sorted == SO_FOLDSORTED ? sortFoldedCommand : sortNormalCommand;

+# ifndef HAVE_SETENV

 	PE_CONST char *const sortOrder1 = "LC_COLLATE=C";

 	PE_CONST char *const sortOrder2 = "LC_ALL=C";

-	const size_t length = 4 + strlen (sortOrder1) + strlen (sortOrder2) +

-			strlen (sortCommand) + (2 * strlen (tagFileName ()));

-	char *const cmd = (char *) malloc (length + 1);

+# endif

+	vString *cmd = vStringNew ();

 	int ret = -1;

 	if (cmd != NULL)

@@ -73,20 +100,35 @@ extern void externalSortTags (const boolean toStdout)

 #ifdef HAVE_SETENV

 		setenv ("LC_COLLATE", "C", 1);

 		setenv ("LC_ALL", "C", 1);

-		sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ());

+		vStringCatS (cmd, sortCommand);

+		vStringPut (cmd, ' ');

+		appendCstringWithQuotes (cmd, tagFileName ());

+		vStringPut (cmd, ' ');

+		appendCstringWithQuotes (cmd, tagFileName ());

 #else

 # ifdef HAVE_PUTENV

 		putenv (sortOrder1);

 		putenv (sortOrder2);

-		sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ());

+		vStringCatS (cmd, sortCommand);

+		vStringPut (cmd, ' ');

+		appendCstringWithQuotes (cmd, tagFileName ());

+		vStringPut (cmd, ' ');

+		appendCstringWithQuotes (cmd, tagFileName ());

 # else

-		sprintf (cmd, "%s %s %s %s %s", sortOrder1, sortOrder2, sortCommand,

-				tagFileName (), tagFileName ());

+		vStringCatS (cmd, sortOrder1);

+		vStringPut (cmd, ' ');

+		vStringCatS (cmd, sortOrder2);

+		vStringPut (cmd, ' ');

+		vStringCatS (cmd, sortCommand);

+		vStringPut (cmd, ' ');

+		appendCstringWithQuotes (cmd, tagFileName ());

+		vStringPut (cmd, ' ');

+		appendCstringWithQuotes (cmd, tagFileName ());

 # endif

 #endif

-		verbose ("system (\"%s\")\n", cmd);

-		ret = system (cmd);

-		free (cmd);

+		verbose ("system (\"%s\")\n", vStringValue (cmd));

+		ret = system (vStringValue (cmd));

+		vStringDelete (cmd);

 	}

 	if (ret != 0)