From: Daniel Colascione
Subject: Re: Fixing Windows and DOS command line argument quoting
Date: Tue, 26 Apr 2011 18:25:44 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

On 4/26/2011 5:58 PM, Ben Key wrote:
> Daniel Colascione writes:
> > After another reading of cmdproxy.c, I also see that the
> > CreateProcess path also doesn't expand environment %variable%
> > references, and that doesn't fall back to cmd if the command
> > to be executed contains them. While we could expand these
> > variables, doing so would move us even closer to
> > reimplementing half of cmd.exe.
>
> You are exaggerating a great deal. It is a single function call, ExpandEnvironmentStrings, documented at http://msdn.microsoft.com/en-us/library/ms724265%28v=vs.85%29.aspx. Patching cmdproxy.c to use ExpandEnvironmentStrings before calling CreateProcess would add at most 10 lines of code. This is by no means "reimplementing half of cmd.exe."

I actually didn't know about ExpandEnvironmentStrings. Thank you for the link; this function may be useful in some cases. But as the comments on the linked MSDN page point out, ExpandEnvironmentStrings doesn't expand variable references quite the same way cmd does, and it would produce incorrect results for us whether we ran it before or after level-2-dequoting. Since cmdproxy should mimic cmd's processing when bypassing cmd itself, ExpandEnvironmentStrings would be inappropriate for our purposes.
The issue is moot, however, because cmdproxy now punts processing variable references to cmd itself, and I suspect that Eli Zaretskii is correct when he says that such variable references are rare.