runtests: fix -c option when run with valgrind

The curl binary argument wasn't being quoted properly. This seems to have broken at some point after quoting was added in commit 606b29fe. Reported-by: Daniel Stenberg Ref: #11073 Fixes #11074 Closes #11076
author: Dan Fandrich <dan@coneharvesters.com> 2023-05-04 21:18:36 -0700
committer: Dan Fandrich <dan@coneharvesters.com> 2023-05-05 09:52:38 -0700
commit: 3d7502985998c8baaabea97118425226971393bd (patch)
tree: 5d13055fe1c84d94c6bbcfaf4b640881a765363d
parent: faebcee349d45f46638add6dda3185425c7afac6 (diff)
download: curl-3d7502985998c8baaabea97118425226971393bd.tar.gz
3 files changed, 27 insertions, 10 deletions
diff --git a/tests/runner.pm b/tests/runner.pm
index fba73302f..879ed0e98 100644
--- a/tests/runner.pm
+++ b/tests/runner.pm
@@ -100,6 +100,7 @@ use testutil qw(
     clearlogs
     logmsg
     runclient
+    shell_quote
     subbase64
     subnewlines
     );
@@ -848,7 +849,7 @@ sub singletest_run {
     }
 
     if(!$tool) {
-        $CMDLINE="$CURL";
+        $CMDLINE=shell_quote($CURL);
     }
 
     if(use_valgrind() && !$disablevalgrind) {
@@ -895,11 +896,11 @@ sub singletest_run {
     if ($torture) {
         $cmdres = torture($CMDLINE,
                           $testnum,
-                          "$gdb --directory $LIBDIR $DBGCURL -x $LOGDIR/gdbcmd");
+                          "$gdb --directory $LIBDIR " . shell_quote($DBGCURL) . " -x $LOGDIR/gdbcmd");
     }
     elsif($gdbthis) {
         my $GDBW = ($gdbxwin) ? "-w" : "";
-        runclient("$gdb --directory $LIBDIR $DBGCURL $GDBW -x $LOGDIR/gdbcmd");
+        runclient("$gdb --directory $LIBDIR " . shell_quote($DBGCURL) . " $GDBW -x $LOGDIR/gdbcmd");
         $cmdres=0; # makes it always continue after a debugged run
     }
     else {
@@ -933,7 +934,7 @@ sub singletest_clean {
             open(my $gdbcmd, ">", "$LOGDIR/gdbcmd2") || die "Failure writing gdb file";
             print $gdbcmd "bt\n";
             close($gdbcmd) || die "Failure writing gdb file";
-            runclient("$gdb --directory libtest -x $LOGDIR/gdbcmd2 -batch $DBGCURL core ");
+            runclient("$gdb --directory libtest -x $LOGDIR/gdbcmd2 -batch " . shell_quote($DBGCURL) . " core ");
      #       unlink("$LOGDIR/gdbcmd2");
         }
     }
diff --git a/tests/runtests.pl b/tests/runtests.pl
index cb1601f84..5bfda269e 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -405,7 +405,7 @@ sub checksystemfeatures {
 
     my $curlverout="$LOGDIR/curlverout.log";
     my $curlvererr="$LOGDIR/curlvererr.log";
-    my $versioncmd="$CURL --version 1>$curlverout 2>$curlvererr";
+    my $versioncmd=shell_quote($CURL) . " --version 1>$curlverout 2>$curlvererr";
 
     unlink($curlverout);
     unlink($curlvererr);
@@ -686,7 +686,7 @@ sub checksystemfeatures {
         $http_unix = 1 if($sws[0] =~ /unix/);
     }
 
-    open(my $manh, "-|", "$CURL -M 2>&1");
+    open(my $manh, "-|", shell_quote($CURL) . " -M 2>&1");
     while(my $s = <$manh>) {
         if($s =~ /built-in manual was disabled at build-time/) {
             $feature{"manual"} = 0;
@@ -1960,7 +1960,7 @@ while(@ARGV) {
     }
     elsif ($ARGV[0] eq "-c") {
         # use this path to curl instead of default
-        $DBGCURL=$CURL="\"$ARGV[1]\"";
+        $DBGCURL=$CURL=$ARGV[1];
         shift @ARGV;
     }
     elsif ($ARGV[0] eq "-vc") {
@@ -1970,12 +1970,12 @@ while(@ARGV) {
         # the development version as then it won't be able to run any tests
         # since it can't verify the servers!
 
-        $VCURL="\"$ARGV[1]\"";
+        $VCURL=shell_quote($ARGV[1]);
         shift @ARGV;
     }
     elsif ($ARGV[0] eq "-ac") {
         # use this curl only to talk to APIs (currently only CI test APIs)
-        $ACURL="\"$ARGV[1]\"";
+        $ACURL=shell_quote($ARGV[1]);
         shift @ARGV;
     }
     elsif ($ARGV[0] eq "-d") {
@@ -2236,7 +2236,7 @@ if(!$randseed) {
         localtime(time);
     # seed of the month. December 2019 becomes 201912
     $randseed = ($year+1900)*100 + $mon+1;
-    open(my $curlvh, "-|", "$CURL --version 2>/dev/null") ||
+    open(my $curlvh, "-|", shell_quote($CURL) . " --version 2>/dev/null") ||
         die "could not get curl version!";
     my @c = <$curlvh>;
     close($curlvh) || die "could not get curl version!";
diff --git a/tests/testutil.pm b/tests/testutil.pm
index 484787841..a2785f85b 100644
--- a/tests/testutil.pm
+++ b/tests/testutil.pm
@@ -37,6 +37,7 @@ BEGIN {
         runclient
         runclientoutput
         setlogfunc
+        shell_quote
         subbase64
         subnewlines
     );
@@ -185,4 +186,19 @@ sub runclientoutput {
 #    return @out;
 }
 
+
+#######################################################################
+# Quote an argument for passing safely to a Bourne shell
+# This does the same thing as String::ShellQuote but doesn't need a package.
+#
+sub shell_quote {
+    my ($s)=@_;
+    if($s !~ m/^[-+=.,_\/:a-zA-Z0-9]+$/) {
+        # string contains a "dangerous" character--quote it
+        $s =~ s/'/'"'"'/g;
+        $s = "'" . $s . "'";
+    }
+    return $s;
+}
+
 1;
author	Dan Fandrich <dan@coneharvesters.com>	2023-05-04 21:18:36 -0700
committer	Dan Fandrich <dan@coneharvesters.com>	2023-05-05 09:52:38 -0700
commit	3d7502985998c8baaabea97118425226971393bd (patch)
tree	5d13055fe1c84d94c6bbcfaf4b640881a765363d
parent	faebcee349d45f46638add6dda3185425c7afac6 (diff)
download	curl-3d7502985998c8baaabea97118425226971393bd.tar.gz