From 1d73bab05bb50817b2c09c3d4c477290f6b55f77 Mon Sep 17 00:00:00 2001
From: Santeri Pikarinen <santeri.pikarinen@gmail.com>
Date: May 16 2024 21:08:20 +0000
Subject: Move shell_escape function to util.c


This allows for the shell escaping functionality to be used to improve security
with environment variable handling in other parts of the codebase aswell.

Signed-off-by: Santeri Pikarinen <santeri.pikarinen@gmail.com>

---

diff --git a/src/getcert.c b/src/getcert.c
index f5575bc..b4a02d4 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -50,6 +50,7 @@
 #include "tdbus.h"
 #include "tdbusm.h"
 #include "util-o.h"
+#include "util.h"
 
 #ifdef ENABLE_NLS
 #include <libintl.h>
@@ -258,26 +259,6 @@ ensure_pem(void *parent, const char *path)
 	return ret;
 }
 
-/* Escape any shell special characters. */
-static char *
-shell_escape(void *parent, const char *s)
-{
-	const char *specials = "|&;()<>\"' \t", *p;
-	char *ret, *q;
-
-	ret = talloc_size(parent, strlen(s) * 2 + 1);
-	if (ret != NULL) {
-		for (p = s, q = ret; *p != '\0'; p++) {
-			if (strchr(specials, *p) != NULL) {
-				*q++ = '\\';
-			}
-			*q++ = *p;
-		}
-		*q++ = '\0';
-	}
-	return ret;
-}
-
 /* Add a string to a list. */
 static void
 add_string(void *parent, char ***dest, const char *value)
diff --git a/src/util.c b/src/util.c
index 55931aa..01c65c7 100644
--- a/src/util.c
+++ b/src/util.c
@@ -38,6 +38,7 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <errno.h>
+#include <talloc.h>
 
 #include "log.h"
 #include "util.h"
@@ -194,3 +195,21 @@ char *str_to_upper(const char *s) {
         str_to_upper_inplace(ret);
     return ret;
 }
+
+char *shell_escape(void *parent, const char *s)
+{
+	const char *specials = "|&;()<>\"' \t", *p;
+	char *ret, *q;
+
+	ret = talloc_size(parent, strlen(s) * 2 + 1);
+	if (ret != NULL) {
+		for (p = s, q = ret; *p != '\0'; p++) {
+			if (strchr(specials, *p) != NULL) {
+				*q++ = '\\';
+			}
+			*q++ = *p;
+		}
+		*q++ = '\0';
+	}
+	return ret;
+}
diff --git a/src/util.h b/src/util.h
index 68fcde8..76c7eef 100644
--- a/src/util.h
+++ b/src/util.h
@@ -34,4 +34,7 @@ void str_to_upper_inplace(char *s);
  */
 char *str_to_upper(const char *s);
 
+/* Escape any shell special characters. */
+char *shell_escape(void *parent, const char *s);
+
 #endif