From 553c5233d35b7648045a928004fdfc05b4e0d965 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler
Date: Tue, 31 Dec 2019 01:57:13 -0500
Subject: Sanitize inputs BEFORE constructing a command string
---
src/relocation.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'src/relocation.c')
diff --git a/src/relocation.c b/src/relocation.c
index 473624a..1ba95d5 100644
--- a/src/relocation.c
+++ b/src/relocation.c
@@ -296,12 +296,14 @@ int relocate(const char *_filename, const char *_oldstr, const char *_newstr) {
 char *filename = strdup(_filename);
 char cmd[PATH_MAX];
+ // sanitize command
+ strchrdel(oldstr, "&;|");
+ strchrdel(newstr, "&;|");
+ strchrdel(filename, "&;|");
+
 memset(cmd, '\0', sizeof(cmd));
 sprintf(cmd, "reloc \"%s\" \"%s\" \"%s\" \"%s\" 2>&1", oldstr, newstr, filename, filename);
- // sanitize command
- strchrdel(cmd, "&;|");
-
 shell(&proc, SHELL_OUTPUT, cmd);
 if (!proc) {
 free(oldstr);
-- cgit
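Review bot: The `&;|` denylist now applied to `oldstr`, `newstr` and `filename` does not cover the characters that stay special inside the double quotes of the `reloc` command line (double quote, backquote, `$` and backslash), so a value containing any of them can still change how the shell parses `cmd`. Stripping also silently alters `filename`, so `reloc` may run against a different path than the caller passed; returning an error for such input is safer than deleting characters, and if the project can run `reloc` with an argument vector instead of a shell string (the `shell()` helper is not visible here), the quoting problem goes away entirely. Separately, `sprintf` into `char cmd[PATH_MAX]` is unbounded with three caller-supplied strings, one of them written twice; `int n = snprintf(cmd, sizeof(cmd), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(cmd))` and a failure return would catch the overflow case. `relocate()` begins and ends outside the hunk, so any new early return has to release the same buffers as the existing `free()` calls.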