#1479: OnEvent and Pathnames with spaces or other special characters
---------------------------------+------------------------------------------
Reporter: [EMAIL PROTECTED] | Type: defect
Status: new | Priority: low
Milestone: 1.3.5 | Component: system
Version: | Keywords:
---------------------------------+------------------------------------------
See some code from onevent.cpp:
{{{
if (m_nCommandType == ON_EVENT_RUN)
{
char *szParam = m_aszParameters[_nEvent];
char *szFullParam;
if (u != NULL)
szFullParam = u->usprintf(szParam, USPRINTF_LINEISCMD);
else
szFullParam = strdup(szParam);
if (strlen(szFullParam))
{
char szCmd[strlen(m_szCommand) + strlen(szFullParam) + 8];
sprintf(szCmd, "%s %s &", m_szCommand, szFullParam);
free(szFullParam);
system(szCmd);
}
}}}
First: The user's parameter is passed through system, and is evaluated by
the shell. Problem when using pathes like "/mnt/c/Sound Files/From
Movies/foobar.wav" and so on. Workaround for user is to escape such
characters (like I actually did).
Second: You check szFullParam for beeing '\0' (with strlen), not for
beeing 0. strdup may fail, and return NULL, which isn't handled.
Third: If not checked somewhere else, User may provide empty string. This
is strduped, but never freed. Memory leak (small one, but every time an
event occurs).
Hope this helps,
Felix
--
Ticket URL: <http://trac.licq.org/ticket/1479>
Licq <http://www.licq.org/>
Licq - an instant messaging client for UNIX.
