[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fixing Windows and DOS command line argument quoting

From: Daniel Colascione
Subject: Re: Fixing Windows and DOS command line argument quoting
Date: Tue, 26 Apr 2011 18:25:44 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20110303 Thunderbird/3.1.9

On 4/26/2011 5:58 PM, Ben Key wrote:
Daniel Colascione writes:

 > After another reading of cmdproxy.c, I also see that the
 > CreateProcess path also doesn't expand environment %variable%
 > references, and that doesn't fall back to cmd if the command
 > to be executed contains them.  While we could expand these
 > variables, doing so would move us even closer to
 > reimplementing half of cmd.exe.

You are exaggerating a great deal.  It is a single function call,
ExpandEnvironmentStrings, documented at
Patching cmdproxy.c to use ExpandEnvironmentStrings before calling
CreateProcess would add at most 10 lines of code.  This is by no means
"reimplementing half of cmd.exe."

I actually didn't know about ExpandEnvironmentStrings. Thank you for the link; this function may be useful in some cases. But as the comments on the linked MSDN page point out, ExpandEnvironmentStrings doesn't expand variable references quite same way cmd does, and it would produce incorrect results for us whether we ran it before or after level-2-dequoting. Since cmdproxy should mimic cmd's processing when bypassing cmd itself, ExpandEnvironmentStrings would be inappropriate for our purposes.

The issue is moot, however, because cmdproxy now punts processing variable references to cmd itself, and I suspect that Eli Zaretskii is correct when he says that such variable references are rare.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]