#define BUFSIZE 256
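/*
 * Copy the NUL-terminated string `from` into `to`, rewriting every single
 * quote as the four-byte sequence '\'' (close quote, escaped quote, reopen
 * quote) so the result can be embedded inside a single-quoted shell word.
 * Inside POSIX single quotes the quote character itself is the only byte
 * with special meaning, so this is the only rewrite needed.
 *
 * @param to    destination buffer; NUL-terminated on success. On failure it
 *              may hold a partial, unterminated copy — do not use it.
 * @param from  source string (not modified).
 * @param max   capacity of `to` in bytes, including the terminator.
 * @return 1 on success, 0 if the escaped text plus terminator would not fit.
 */
int escape_single_quotes(char *to, const char *from, int max)
{
    int l = 0;  /* bytes written to `to` so far, excluding the terminator */

    for (; *from; from++) {
        switch (*from) {
        case '\'':
            /* The escape is four bytes plus the terminator: refuse before
             * writing anything if they cannot all fit. */
            if (l >= max - 4) return 0;
            /* Emit the first three bytes ('\'); the closing quote is the
             * source byte itself and is written by the default case. */
            *to++ = '\'';
            *to++ = '\\';
            *to++ = '\'';
            l += 3;
            /* fallthrough */
        default:
            /* One byte plus the terminator must fit. */
            if (l >= max - 1) return 0;
            *to++ = *from;
            l++;
            break;
        }
    }
    *to = 0;
    return 1;
}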
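/*
 * Entry point: run `wc -l` on the single file named on the command line.
 *
 * The filename is interpolated into a shell command that popen() hands to
 * sh -c, so it is wrapped in single quotes and passed through
 * escape_single_quotes() first. A name whose escaped form does not fit in
 * BUFSIZE is rejected rather than silently truncated (a truncated command
 * could end inside an open quote).
 *
 * NOTE(review): the original listing stops right after popen(); whatever
 * read the command's output is not shown, so this version only checks the
 * popen() result and closes the stream.
 */
int main(int argc, char *argv[])
{
    FILE *fp;
    char buf[BUFSIZE];
    char escaped_name[BUFSIZE];
    char *filename;
    int n;

    if (argc != 2) {
        fprintf(stderr, "Usage: %s filename\n", argv[0]);
        exit(EXIT_FAILURE);
    }
    filename = argv[1];
    printf("Counting %s ... \n", filename);

    if (!escape_single_quotes(escaped_name, filename, BUFSIZE)) {
        fprintf(stderr, "Escaped filename is too long!\n");
        exit(EXIT_FAILURE);
    }

    /* `--` stops a filename that begins with '-' from being parsed as a
     * wc option. snprintf returns the length it wanted to write, so a
     * value >= BUFSIZE means the command was truncated; < 0 is an error. */
    n = snprintf(buf, BUFSIZE, "wc -l -- '%s'", escaped_name);
    if (n < 0 || n >= BUFSIZE) {
        fprintf(stderr, "Filename %s is too long!\n", filename);
        exit(EXIT_FAILURE);
    }

    fp = popen(buf, "r");
    if (fp == NULL) {
        perror("popen");
        exit(EXIT_FAILURE);
    }
    /* Output handling is not part of the visible listing; just close the
     * stream so the child is reaped. */
    pclose(fp);
    return EXIT_SUCCESS;
}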
这个脚本对命令注入安全吗?它将'替换为'\''。有没有办法打破单引号并注入命令?