From 255a81424c61dba656b9a788b760664eafd1de36 Mon Sep 17 00:00:00 2001
From: hno <>
Date: Sat, 7 Sep 2002 02:11:44 +0000
Subject: [PATCH] Bugfix: Proper quoting of external_acl messages

---
 src/external_acl.cc | 49 +++++++++++++++++++++++++++------------------
 1 file changed, 30 insertions(+), 19 deletions(-)

diff --git a/src/external_acl.cc b/src/external_acl.cc
index 8b5fe5cf15..a1e8f85897 100644
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: external_acl.cc,v 1.10 2002/09/05 21:09:24 hno Exp $
+ * $Id: external_acl.cc,v 1.11 2002/09/06 20:11:44 hno Exp $
  *
  * DEBUG: section 82    External ACL
  * AUTHOR: Henrik Nordstrom, MARA Systems AB
@@ -58,6 +58,7 @@ static int external_acl_entry_expired(external_acl * def, external_acl_entry * e
 static void external_acl_cache_touch(external_acl * def, external_acl_entry * entry);
 
 extern char *strtokFile(void);
+static void strwordquote(MemBuf * mb, const char *str);
 
 /*******************************************************************
  * external_acl cache entry
@@ -549,28 +550,16 @@ makeExternalAclKey(aclCheck_t * ch, external_acl_data * acl_data)
 		str = NULL;
 	if (!str)
 	    str = "-";
-	if (first) {
-	    char *s = log_quote(str);
-	    memBufPrintf(&mb, "%s", s);
-	    safe_free(s);
-	} else {
-	    char *s = log_quote(str);
-	    memBufPrintf(&mb, " %s", s);
-	    safe_free(s);
-	}
+	if (!first)
+	    memBufAppend(&mb, " ", 1);
+	strwordquote(&mb, str);
 	stringClean(&sb);
 	first = 0;
     }
     for (arg = acl_data->arguments; arg; arg = arg->next) {
-	if (first) {
-	    char *s = log_quote(arg->key);
-	    memBufPrintf(&mb, "%s", s);
-	    safe_free(s);
-	} else {
-	    char *s = log_quote(arg->key);
-	    memBufPrintf(&mb, " %s", s);
-	    safe_free(s);
-	}
+	if (!first)
+	    memBufAppend(&mb, " ", 1);
+	strwordquote(&mb, arg->key);
 	first = 0;
     }
     return mb.buf;
@@ -711,6 +700,28 @@ strwordtok(char *buf, char **t)
     return (char *) word;
 }
 
+static void
+strwordquote(MemBuf * mb, const char *str)
+{
+    int quoted = 0;
+    if (strchr(str, ' ')) {
+	quoted = 1;
+	memBufAppend(mb, "\"", 1);
+    }
+    while (*str) {
+	int l = strcspn(str, "\"\\");
+	memBufAppend(mb, str, l);
+	str += l;
+	while (*str == '"' || *str == '\\') {
+	    memBufAppend(mb, "\\", 1);
+	    memBufAppend(mb, str, 1);
+	    str++;
+	}
+    }
+    if (quoted)
+	memBufAppend(mb, "\"", 1);
+}
+
 /*
  * The helper program receives queries on stdin, one
  * per line, and must return the result on on stdout as
-- 
2.47.2