Sanitize inputs BEFORE constructing a command string

author: Joseph Hunkeler <jhunkeler@gmail.com> 2019-12-31 01:57:13 -0500
committer: Joseph Hunkeler <jhunkeler@gmail.com> 2019-12-31 01:57:13 -0500
commit: 553c5233d35b7648045a928004fdfc05b4e0d965 (patch)
tree: 6afb95cfe8ef1252e8d9619984ca754c7ddc2881 /src/relocation.c
parent: 96145d5fdc0d695414f200c2afa372818f4857df (diff)
download: spmc-553c5233d35b7648045a928004fdfc05b4e0d965.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/src/relocation.c b/src/relocation.c
index 473624a..1ba95d5 100644
--- a/src/relocation.c
+++ b/src/relocation.c
@@ -296,12 +296,14 @@ int relocate(const char *_filename, const char *_oldstr, const char *_newstr) {
     char *filename = strdup(_filename);
     char cmd[PATH_MAX];
 
+    // sanitize command
+    strchrdel(oldstr, "&;|");
+    strchrdel(newstr, "&;|");
+    strchrdel(filename, "&;|");
+
     memset(cmd, '\0', sizeof(cmd));
     sprintf(cmd, "reloc \"%s\" \"%s\" \"%s\" \"%s\" 2>&1", oldstr, newstr, filename, filename);
 
-    // sanitize command
-    strchrdel(cmd, "&;|");
-
     shell(&proc, SHELL_OUTPUT, cmd);
     if (!proc) {
         free(oldstr);
author	Joseph Hunkeler <jhunkeler@gmail.com>	2019-12-31 01:57:13 -0500
committer	Joseph Hunkeler <jhunkeler@gmail.com>	2019-12-31 01:57:13 -0500
commit	553c5233d35b7648045a928004fdfc05b4e0d965 (patch)
tree	6afb95cfe8ef1252e8d9619984ca754c7ddc2881 /src/relocation.c
parent	96145d5fdc0d695414f200c2afa372818f4857df (diff)
download	spmc-553c5233d35b7648045a928004fdfc05b4e0d965.tar.gz