EDITOR may contain shell code, so exec a shell to run it

This commit is contained in:
Geir Hauge 2012-12-11 14:48:27 +00:00
parent c2c0659bc8
commit dca812bd27
1 changed files with 6 additions and 1 deletions

View File

@ -363,6 +363,7 @@ editperm(MYSQL *pmysql, const char *db)
char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX"; char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX";
FILE *f; FILE *f;
char *editor; char *editor;
char *cmd;
char line[1024]; /* buffer to hold one line */ char line[1024]; /* buffer to hold one line */
char *cp; /* used to interate through a line */ char *cp; /* used to interate through a line */
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv, char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
@ -418,7 +419,11 @@ editperm(MYSQL *pmysql, const char *db)
if (!editor) if (!editor)
editor = "pico"; /* OK since editor won't be freed */ editor = "pico"; /* OK since editor won't be freed */
execlp(editor, editor, fn, NULL); cmd = malloc(sizeof(char) * strlen(editor) + 7);
sprintf(cmd, "%s \"$1\"", editor);
/* sh -c '$EDITOR "$1"' sh "$fn" */
execlp("sh", "sh", "-c", cmd, "sh", fn, NULL);
perror("Failed to execute editor"); perror("Failed to execute editor");
fprintf(stderr, "Make sure the EDITOR environment variable contains" fprintf(stderr, "Make sure the EDITOR environment variable contains"
" a valid editor\n"); " a valid editor\n");