
enscript-1.6.4-2mdk.src.rpm

--- enscript-1.6.1/src/gsint.h.CAN-2004-1184	1998-06-25 08:18:32.000000000 +0100
+++ enscript-1.6.1/src/gsint.h	2005-01-10 14:39:28.000000000 +0000
@@ -643,4 +643,9 @@
  */
 void printer_close ___P ((void *context));
 
+/*
+ * Escape filenames for shell usage
+ */
+char *shell_escape ___P ((const char *fn));
+
 #endif /* not GSINT_H */
--- enscript-1.6.1/src/util.c.CAN-2004-1184	1998-06-24 07:48:21.000000000 +0100
+++ enscript-1.6.1/src/util.c	2005-01-10 14:39:28.000000000 +0000
@@ -1108,6 +1108,8 @@
 
   /* Create result. */
   cp = xmalloc (len + 1);
+  if (cp == NULL)
+      return NULL;
   for (i = 0, j = 0; string[i]; i++)
     switch (string[i])
       {
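Review bot: The added `if (cp == NULL) return NULL;` gives this function a NULL return that it presumably did not have before, and the hunk shows no caller being updated to handle it. If xmalloc aborts on allocation failure, as x-prefixed allocators usually do, the check is dead code and can be dropped. If xmalloc can return NULL, the callers need a matching check. The function's signature and its callers are outside the hunk.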
@@ -1719,6 +1721,7 @@
       char *cmd = NULL;
       int cmdlen;
       int i, pos;
+      char *cp;
 
       is->is_pipe = 1;
 
@@ -1742,12 +1745,16 @@
 		{
 		case 's':
 		  /* Expand cmd-buffer. */
-		  cmdlen += strlen (fname);
-		  cmd = xrealloc (cmd, cmdlen);
+		  if ((cp = shell_escape (fname)) != NULL)
+		    {
+		      cmdlen += strlen (cp);
+		      cmd = xrealloc (cmd, cmdlen);
 
-		  /* Paste filename. */
-		  strcpy (cmd + pos, fname);
-		  pos += strlen (fname);
+		      /* Paste filename. */
+		      strcpy (cmd + pos, cp);
+		      pos += strlen (cp);
+		      free (cp);
+		    }
 
 		  i++;
 		  break;
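Review bot: When shell_escape returns NULL, the `case 's'` branch pastes nothing and continues to `i++; break;`, so the command is still assembled with the filename missing instead of the open failing. The only NULL path in shell_escape is a failed malloc, so treat it as an error here: add an `else` branch that frees `cmd` and returns the function's failure value (the return convention is outside the hunk). The same silent drop occurs in main.c, where a NULL result omits the document title or skips an input file.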
@@ -1860,3 +1867,36 @@
 
   return 1;
 }
+
+/*
+ * Escapes the name of a file so that the shell groks it in 'single'
+ * quotation marks.  The resulting pointer has to be free()ed when not
+ * longer used.
+*/
+char *
+shell_escape(const char *fn)
+{
+  size_t len = 0;
+  const char *inp;
+  char *retval, *outp;
+
+  for(inp = fn; *inp; ++inp)
+    switch(*inp)
+    {
+      case '\'': len += 4; break;
+      default:   len += 1; break;
+    }
+
+  outp = retval = malloc(len + 1);
+  if(!outp)
+    return NULL; /* perhaps one should do better error handling here */
+  for(inp = fn; *inp; ++inp)
+    switch(*inp)
+    {
+      case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break;
+      default:   *outp++ = *inp; break;
+    }
+  *outp = 0;
+
+  return retval;
+}
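Review bot: The header comment should state the contract precisely: shell_escape adds no quotes itself, and its output is only safe when the caller places it between single quotes. The `%s` expansion in util.c pastes the result with no quotes of its own, so it depends on the filter template supplying them. Suggested wording: `Returns a malloc()ed copy of FN with each ' replaced by '\''; the caller must wrap the result in single quotes and free() it.` Two style points: the `case '\''` line of the copy loop joins `*outp++ = '\'', *outp++ = '\'';` with a comma where its neighbours use `;`, and this function calls bare `malloc` while the rest of util.c in this patch uses `xmalloc`/`xrealloc`.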
--- enscript-1.6.4/src/main.c.can-2004-1184	2003-03-05 00:36:32.000000000 -0700
+++ enscript-1.6.4/src/main.c	2005-02-08 15:38:27.144246832 -0700
@@ -1495,6 +1495,7 @@
   if (output_language_pass_through)
     {
       char *start_state;
+      char *safe;
       Buffer cmd;
       char intbuf[256];
 
@@ -1547,7 +1548,12 @@
       buffer_append (&cmd, " ");
 
       buffer_append (&cmd, "-Ddocument_title=\"");
-      buffer_append (&cmd, title);
+      safe = shell_escape (title);
+      if (safe)
+      {
+        buffer_append (&cmd, safe);
+        free (safe);
+      }
       buffer_append (&cmd, "\" ");
 
       buffer_append (&cmd, "-Dtoc=");
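Review bot: The escaped title is still placed inside double quotes (`-Ddocument_title=\"` … `\" `), but shell_escape only rewrites `'` for a single-quoted context. Characters the shell interprets inside double quotes (the double quote itself, `$`, backquote, backslash) therefore pass through unchanged, and a `'` in the title becomes a literal `'\''`. Switch the delimiters to single quotes: `buffer_append (&cmd, "-Ddocument_title='");` and `buffer_append (&cmd, "' ");`. The input-file loop in the next hunk has the same mismatch and should append `" '"` and `"'"` around `safe`. The enclosing block starts and ends outside the hunk.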
@@ -1565,8 +1571,14 @@
       /* Append input files. */
       for (i = optind; i < argc; i++)
 	{
-	  buffer_append (&cmd, " ");
-	  buffer_append (&cmd, argv[i]);
+	  safe = shell_escape (argv[i]);
+	  if (safe)
+	    {
+	      buffer_append (&cmd, " \"");
+	      buffer_append (&cmd, safe);
+	      buffer_append (&cmd, "\"");
+	      free (safe);
+	    }
 	}
 
       /* And do the job. */