diff options
| author | Ivan Zhakov <ivan@apache.org> | 2024-09-24 06:26:21 +0000 |
|---|---|---|
| committer | Ivan Zhakov <ivan@apache.org> | 2024-09-24 06:26:21 +0000 |
| commit | eccf65f1d280123d32543f7fd54b2d6ef7c1e692 (patch) | |
| tree | 300cf17a6ec480a807c31606b5d85e767837bed5 | |
| parent | 16d7aaf1fcf58fb8a083d4ac4bf0251b642f898b (diff) | |
| download | apr-eccf65f1d280123d32543f7fd54b2d6ef7c1e692.tar.gz apr-eccf65f1d280123d32543f7fd54b2d6ef7c1e692.zip | |
apr_proc_create(): Check that progname argument is quoted correctly if
it's quoted on Windows.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1920871 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | test/testproc.c | 30 | ||||
| -rw-r--r-- | threadproc/win32/proc.c | 11 |
3 files changed, 43 insertions, 1 deletions
@@ -297,6 +297,9 @@ Changes for APR 2.0.0 *) apr_proc_create(): Fix potential handle leak when apr_proc_create() is used from multiple threads on Windows [Ivan Zhakov] + *) apr_proc_create(): Check that progname argument is quoted correctly if + it's quoted on Windows. [Ivan Zhakov] + Changes for APR and APR-util 1.7.x and later: *) http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/CHANGES?view=markup diff --git a/test/testproc.c b/test/testproc.c index 57bb7bee1..9a134142f 100644 --- a/test/testproc.c +++ b/test/testproc.c @@ -300,6 +300,34 @@ static void test_proc_args_winbatch(abts_case* tc, void* data) ABTS_STR_EQUAL(tc, expected, actual); } +#ifdef WIN32 +static void test_proc_unclosed_quote1(abts_case *tc, void *data) +{ + apr_procattr_t *attr; + apr_status_t rv; + const char *args[] = { NULL }; + + rv = apr_procattr_create(&attr, p); + ABTS_INT_EQUAL(tc, APR_SUCCESS, rv); + + rv = apr_proc_create(&newproc, "\"", args, NULL, attr, p); + ABTS_INT_EQUAL(tc, APR_EINVAL, rv); +} + +static void test_proc_unclosed_quote2(abts_case *tc, void *data) +{ + apr_procattr_t *attr; + apr_status_t rv; + const char *args[] = { NULL }; + + rv = apr_procattr_create(&attr, p); + ABTS_INT_EQUAL(tc, APR_SUCCESS, rv); + + rv = apr_proc_create(&newproc, "\"abc", args, NULL, attr, p); + ABTS_INT_EQUAL(tc, APR_EINVAL, rv); +} +#endif + abts_suite *testproc(abts_suite *suite) { suite = ADD_SUITE(suite) @@ -311,6 +339,8 @@ abts_suite *testproc(abts_suite *suite) abts_run_test(suite, test_proc_args, NULL); #ifdef WIN32 abts_run_test(suite, test_proc_args_winbatch, NULL); + abts_run_test(suite, test_proc_unclosed_quote1, NULL); + abts_run_test(suite, test_proc_unclosed_quote2, NULL); #endif return suite; diff --git a/threadproc/win32/proc.c b/threadproc/win32/proc.c index 3d12f6e32..65037702d 100644 --- a/threadproc/win32/proc.c +++ b/threadproc/win32/proc.c @@ -509,7 +509,16 @@ APR_DECLARE(apr_status_t) apr_proc_create(apr_proc_t *new, * XXX progname must be NULL if this is a 16 bit app running in WOW */ if (progname[0] == '\"') { - progname = apr_pstrmemdup(pool, progname + 1, strlen(progname) - 2); + size_t progname_len = strlen(progname); + if (progname_len < 2) { + return APR_EINVAL; + } + + if (progname[progname_len - 1] != '\"') { + return APR_EINVAL; + } + + progname = apr_pstrmemdup(pool, progname + 1, progname_len - 2); } if (attr->cmdtype == APR_PROGRAM || attr->cmdtype == APR_PROGRAM_ENV) { |