[Rd] Robustifying R_CleanTempDir a bit more
Ivan Krylov
kry|ov@r00t @end|ng |rom gm@||@com
Thu Feb 16 16:03:59 CET 2023
Thanks for the quick reply!
On Thu, 16 Feb 2023 15:43:40 +0100
Tomas Kalibera <tomas.kalibera using gmail.com> wrote:
> Please see 83851 from earlier today which does a bit more of
> robustification, and if you find any problem in it, please let me
> know.
83851 is an improvement, but it does let single quotes through,
unfortunately, leading to my (contrived) example of "/tmp/';echo;'".
Given what you say about the temporary nature of the current fix,
adding the single quote to the list of special symbols should be a good
solution for now:
--- src/main/platform.c (revision 83851)
+++ src/main/platform.c (working copy)
@@ -1634,7 +1634,7 @@
/* On Solaris the working directory must be outside this one */
chdir(R_HomeDir());
#endif
- char *special = "\\`$\"\n";
+ char *special = "\\`$\"\n'";
int hasspecial = 0;
for(int i = 0; special[i] != '\0'; i++)
if (strchr(Sys_TempDir, special[i])) {
At least I don't see a way out once you disallow single quotes in the
single-quoted string.
--
Best regards,
Ivan
More information about the R-devel
mailing list