You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by iv...@apache.org on 2019/09/09 21:45:14 UTC
svn commit: r1866713 - /apr/apr/trunk/threadproc/win32/proc.c
Author: ivan
Date: Mon Sep 9 21:45:13 2019
New Revision: 1866713
URL: http://svn.apache.org/viewvc?rev=1866713&view=rev
Log:
* threadproc/win32/proc.c
(apr_proc_create): Remove compatibility code for command.com which is only
available on Windows 98 and bellow.
Modified:
apr/apr/trunk/threadproc/win32/proc.c
Modified: apr/apr/trunk/threadproc/win32/proc.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/threadproc/win32/proc.c?rev=1866713&r1=1866712&r2=1866713&view=diff
==============================================================================
--- apr/apr/trunk/threadproc/win32/proc.c (original)
+++ apr/apr/trunk/threadproc/win32/proc.c Mon Sep 9 21:45:13 2019
@@ -518,15 +518,8 @@ APR_DECLARE(apr_status_t) apr_proc_creat
shellcmd = apr_pstrcat(pool, "\"", shellcmd, "\"", NULL);
}
}
- /* Command.com does not support a quoted command, while cmd.exe demands one.
- */
- i = strlen(progname);
- if (i >= 11 && strcasecmp(progname + i - 11, "command.com") == 0) {
- cmdline = apr_pstrcat(pool, shellcmd, " /C ", argv0, cmdline, NULL);
- }
- else {
- cmdline = apr_pstrcat(pool, shellcmd, " /C \"", argv0, cmdline, "\"", NULL);
- }
+
+ cmdline = apr_pstrcat(pool, shellcmd, " /C \"", argv0, cmdline, "\"", NULL);
}
else
{
@@ -556,34 +549,24 @@ APR_DECLARE(apr_status_t) apr_proc_creat
shellcmd = apr_pstrcat(pool, "\"", shellcmd, "\"", NULL);
}
}
- i = strlen(progname);
- if (i >= 11 && strcasecmp(progname + i - 11, "command.com") == 0) {
- /* XXX: Still insecure - need doubled-quotes on each individual
- * arg of cmdline. Suspect we need to postpone cmdline parsing
- * until this moment in all four code paths, with some flags
- * to toggle 'which flavor' is needed.
- */
- cmdline = apr_pstrcat(pool, shellcmd, " /C ", argv0, cmdline, NULL);
+
+ /* We must protect the cmdline args from any interpolation - this
+ * is not a shellcmd, and the source of argv[] is untrusted.
+ * Notice we escape ALL the cmdline args, including the quotes
+ * around the individual args themselves. No sense in allowing
+ * the shift-state to be toggled, and the application will
+ * not see the caret escapes.
+ */
+ cmdline = apr_caret_escape_args(pool, cmdline);
+ /*
+ * Our app name must always be quoted so the quotes surrounding
+ * the entire /c "command args" are unambigious.
+ */
+ if (*argv0 != '"') {
+ cmdline = apr_pstrcat(pool, shellcmd, " /C \"\"", argv0, "\"", cmdline, "\"", NULL);
}
else {
- /* We must protect the cmdline args from any interpolation - this
- * is not a shellcmd, and the source of argv[] is untrusted.
- * Notice we escape ALL the cmdline args, including the quotes
- * around the individual args themselves. No sense in allowing
- * the shift-state to be toggled, and the application will
- * not see the caret escapes.
- */
- cmdline = apr_caret_escape_args(pool, cmdline);
- /*
- * Our app name must always be quoted so the quotes surrounding
- * the entire /c "command args" are unambigious.
- */
- if (*argv0 != '"') {
- cmdline = apr_pstrcat(pool, shellcmd, " /C \"\"", argv0, "\"", cmdline, "\"", NULL);
- }
- else {
- cmdline = apr_pstrcat(pool, shellcmd, " /C \"", argv0, cmdline, "\"", NULL);
- }
+ cmdline = apr_pstrcat(pool, shellcmd, " /C \"", argv0, cmdline, "\"", NULL);
}
}
else {