author | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2002-03-22 07:55:00 +0000 |
---|---|---|
committer | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2002-03-22 07:55:00 +0000 |
commit | 1c15198675cd9ca6e6426dff372fa03cec5396ba (patch) | |
tree | f1ce6f3d5c5dc6c8fa9b137424856cd8ffca62bb /threadproc | |
parent | b1332220ced4cdbda4641f5c586820cf791b0be8 (diff) | |
Stub in the warning and observations.
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@63180 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'threadproc')
-rw-r--r-- | threadproc/win32/proc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/threadproc/win32/proc.c b/threadproc/win32/proc.c
index 434158d88..36f952d1c 100644
--- a/threadproc/win32/proc.c
+++ b/threadproc/win32/proc.c
@@ -446,6 +446,11 @@ APR_DECLARE(apr_status_t) apr_proc_create(apr_proc_t *new,
 }
 i = strlen(progname);
 if (i >= 11 && strcasecmp(progname + i - 11, "command.com") == 0) {
+ /* XXX: Still insecure - need doubled-quotes on each individual
+ * arg of cmdline. Suspect we need to postpone cmdline parsing
+ * until this moment in all four code paths, with some flags
+ * to toggle 'which flavor' is needed.
+ */
 cmdline = apr_pstrcat(pool, shellcmd, " /C ", argv0, cmdline, NULL);
 }
 else { |
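Review bot: The new XXX comment in the command.com branch says the path is "still insecure" but not what is at risk or what a caller should do until it is fixed. The `apr_pstrcat` call just below it joins `argv0` and `cmdline` into the `/C` string with no per-argument quoting, so an argument carrying quotes or shell metacharacters would be re-parsed by the command interpreter. The comment could say that directly, e.g. `/* XXX: args reach the shell unquoted; do not pass untrusted argument text on this path until each arg is double-quoted. */`. The phrase "all four code paths" suggests the `else` branch that follows may share the problem, but apr_proc_create starts and ends outside the hunk, so that needs confirming against the full function.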