From dca812bd270a3008827f5b6b787ae0079e2484df Mon Sep 17 00:00:00 2001 From: Geir Hauge Date: Tue, 11 Dec 2012 14:48:27 +0000 Subject: [PATCH] EDITOR may contain shell code, so exec a shell to run it --- mysql-dbadm.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mysql-dbadm.c b/mysql-dbadm.c index bc21dc6..4f5b721 100644 --- a/mysql-dbadm.c +++ b/mysql-dbadm.c @@ -363,6 +363,7 @@ editperm(MYSQL *pmysql, const char *db) char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX"; FILE *f; char *editor; + char *cmd; char line[1024]; /* buffer to hold one line */ char *cp; /* used to interate through a line */ char *user, *select_priv, *insert_priv, *update_priv, *delete_priv, @@ -418,7 +419,11 @@ editperm(MYSQL *pmysql, const char *db) if (!editor) editor = "pico"; /* OK since editor won't be freed */ - execlp(editor, editor, fn, NULL); + cmd = malloc(sizeof(char) * strlen(editor) + 7); + sprintf(cmd, "%s \"$1\"", editor); + + /* sh -c '$EDITOR "$1"' sh "$fn" */ + execlp("sh", "sh", "-c", cmd, "sh", fn, NULL); perror("Failed to execute editor"); fprintf(stderr, "Make sure the EDITOR environment variable contains" " a valid editor\n");