[PATCH] trans/hello{, -mt}: properly escape contents in trivfs_append_args

[Justus Winter]

Fixes https://savannah.gnu.org/bugs/?15806 .

* trans/hello-mt.c (trivfs_append_args): Escape contents.
* trans/hello.c (trivfs_append_args): Likewise.
---
 trans/hello-mt.c | 28 ++++++++++++++++++++++------
 trans/hello.c    | 21 +++++++++++++++++++--
 2 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/trans/hello-mt.c b/trans/hello-mt.c
index ba9329a..44d54de 100644
--- a/trans/hello-mt.c
+++ b/trans/hello-mt.c
@@ -273,16 +273,32 @@ trivfs_append_args (struct trivfs_control *fsys,
 {
   error_t err;
   char *opt;
+  size_t opt_len;
+  FILE *s;
+  char *c;
+
+  s = open_memstream (&opt, &opt_len);
+  fprintf (s, "--contents='");
 
   pthread_rwlock_rdlock (&contents_lock);
-  err = asprintf (&opt, "--contents=%s", contents) < 0 ? ENOMEM : 0;
+  for (c = contents; *c; c++)
+    switch (*c)
+      {
+      case 0x27: /* Single quote.  */
+       fprintf (s, "'\"'\"'");
+       break;
+
+      default:
+       fprintf (s, "%c", *c);
+      }
   pthread_rwlock_unlock (&contents_lock);
 
-  if (!err)
-    {
-      err = argz_add (argz, argz_len, opt);
-      free (opt);
-    }
+  fprintf (s, "'");
+  fclose (s);
+
+  err = argz_add (argz, argz_len, opt);
+
+  free (opt);
 
   return err;
 }
diff --git a/trans/hello.c b/trans/hello.c
index 4e88c60..d1884df 100644
--- a/trans/hello.c
+++ b/trans/hello.c
@@ -246,9 +246,26 @@ trivfs_append_args (struct trivfs_control *fsys,
 {
   error_t err;
   char *opt;
+  size_t opt_len;
+  FILE *s;
+  char *c;
 
-  if (asprintf (&opt, "--contents=%s", contents) < 0)
-    return ENOMEM;
+  s = open_memstream (&opt, &opt_len);
+  fprintf (s, "--contents='");
+
+  for (c = contents; *c; c++)
+    switch (*c)
+      {
+      case 0x27: /* Single quote.  */
+       fprintf (s, "'\"'\"'");
+       break;
+
+      default:
+       fprintf (s, "%c", *c);
+      }
+
+  fprintf (s, "'");
+  fclose (s);
 
   err = argz_add (argz, argz_len, opt);
 
-- 
2.1.0