From: Doug MacEachern Date: Wed, 9 Jan 2002 19:24:32 +0000 (+0000) Subject: get SSLPassPhraseDialog exec: working by passing the proper arguments X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ce691568524ea25cc7cf134ed64902d8f5105014;p=apache get SSLPassPhraseDialog exec: working by passing the proper arguments to apr_proc_create() PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92786 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 998e63825a..74e892942c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,7 @@ Changes with Apache 2.0.31-dev + *) Fix SSLPassPhraseDialog exec: [Doug MacEachern] + Changes with Apache 2.0.30 *) Fix the main bug for FreeBSD and threaded MPM's. There are diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 699848279e..b5e9832541 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -743,9 +743,11 @@ char *ssl_util_vhostid(apr_pool_t *, server_rec *); void ssl_util_strupper(char *); void ssl_util_uuencode(char *, const char *, BOOL); void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); -apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, char *); +apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *, + const char * const *); void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); -char *ssl_util_readfilter(server_rec *, apr_pool_t *, char *); +char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *, + const char * const *); BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *); char *ssl_util_algotypestr(ssl_algo_t); diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index ddb693a7e5..5f7aa6a530 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c 
@@ -533,18 +533,20 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) * Filter program */ else if (sc->nPassPhraseDialogType == SSL_PPTYPE_FILTER) { - char *cmd; + const char *cmd = sc->szPassPhraseDialogPath; + const char **argv = apr_palloc(p, sizeof(char *) * 4); char *result; ssl_log(s, SSL_LOG_INFO, "Init: Requesting pass phrase from dialog filter program (%s)", - sc->szPassPhraseDialogPath); + cmd); - if (ap_strchr_c(sc->szPassPhraseDialogPath, ' ') != NULL) - cmd = apr_psprintf(p, "\"%s\" %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType); - else - cmd = apr_psprintf(p, "%s %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType); - result = ssl_util_readfilter(s, p, cmd); + argv[0] = cmd; + argv[1] = cpVHostID; + argv[2] = cpAlgoType; + argv[3] = NULL; + + result = ssl_util_readfilter(s, p, cmd, argv); apr_cpystrn(buf, result, bufsize); len = strlen(buf); } diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index c4e137cd01..2dd65083cf 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -139,7 +139,8 @@ void ssl_util_uuencode_binary(unsigned char *szTo, return; } -apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd) +apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, + const char * const *argv) { apr_procattr_t *procattr; apr_proc_t *proc; @@ -156,7 +157,7 @@ apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd) return NULL; if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL) return NULL; - if (apr_proc_create(proc, cmd, NULL, NULL, procattr, p) != APR_SUCCESS) + if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS) return NULL; return proc->out; } 
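Review bot: `result` goes straight into `apr_cpystrn(buf, result, bufsize)` with no NULL check, although ssl_util_readfilter() returns NULL when ssl_util_ppopen() fails (visible in the ssl_util.c hunks of this commit). Depending on how apr_cpystrn treats a NULL source, that is either a crash during startup or a silently empty pass phrase, and in neither case does the log say the filter program could not be run. I would guard the copy with `if (result == NULL) { ssl_log(s, SSL_LOG_ERROR, "Init: Pass phrase dialog filter program (%s) could not be run", cmd); ... }` and then take the callback's normal failure path. ssl_pphrase_Handle_CB starts and ends outside this hunk, so what that failure path should be has to be checked there.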
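Review bot: The `apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS` branch in ssl_util_ppopen still returns NULL without recording the status, so a wrong path or a missing execute bit on the SSLPassPhraseDialog program cannot be told apart from any other failure. Keeping the status and logging it through `s` would make this diagnosable: `rv = apr_proc_create(proc, cmd, argv, NULL, procattr, p);` followed by `if (rv != APR_SUCCESS) { ssl_log(s, SSL_LOG_ERROR, "Init: could not start %s (status %d)", cmd, (int)rv); return NULL; }`. It is also worth confirming that the command type set on `procattr`, which is outside this hunk, runs the program directly rather than through a shell, because argv[1] and argv[2] are now handed over as separate arguments. Only part of the function body is visible here.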
@@ -170,16 +171,18 @@ void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) /* * Run a filter program and read the first line of its stdout output */ -char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, char *cmd) +char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, + const char * const *argv) { static char buf[MAX_STRING_LEN]; apr_file_t *fp; - apr_size_t nbytes; + apr_size_t nbytes = 1; char c; int k; - if ((fp = ssl_util_ppopen(s, p, cmd)) == NULL) + if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL) return NULL; + /* XXX: we are reading 1 byte at a time here */ for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS && nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) { if (c == '\n' || c == '\r')
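Review bot: The header comment on ssl_util_readfilter ("Run a filter program and read the first line of its stdout output") no longer covers the contract that callers of the new signature depend on. It should state that `argv` must be NULL-terminated with the program path in `argv[0]`, that the function returns NULL when the program cannot be started, and that the result points into the function's `static char buf[MAX_STRING_LEN]`. That last point matters for this caller: the pass phrase read from the filter stays in static storage after the call and is overwritten only by the next call, so the comment should tell callers to copy it out and not hold the pointer. A short remark next to `apr_size_t nbytes = 1;` such as `/* in/out for apr_file_read: request one byte per call */` would also explain why the initialisation is needed. The rest of the function body lies outside this hunk.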