runtests: fix -c option when run with valgrind

The curl binary argument wasn't being quoted properly. This seems to
have broken at some point after quoting was added in commit 606b29fe.

Reported-by: Daniel Stenberg
Ref: #11073
Fixes #11074
Closes #11076

diff --git a/tests/runner.pm b/tests/runner.pm
index fba73302f375b955d25dfc990b60a36ac3c341ce..879ed0e98cde36b0af205e212bc0a1fa242e9432 100644 (file)
--- a/tests/runner.pm
+++ b/tests/runner.pm
@@ -100,6 +100,7 @@ use testutil qw(
     clearlogs
     logmsg
     runclient
+    shell_quote
     subbase64
     subnewlines
     );
@@ -848,7 +849,7 @@ sub singletest_run {
     }
 
     if(!$tool) {
-        $CMDLINE="$CURL";
+        $CMDLINE=shell_quote($CURL);
     }
 
     if(use_valgrind() && !$disablevalgrind) {
@@ -895,11 +896,11 @@ sub singletest_run {
     if ($torture) {
         $cmdres = torture($CMDLINE,
                           $testnum,
-                          "$gdb --directory $LIBDIR $DBGCURL -x $LOGDIR/gdbcmd");
+                          "$gdb --directory $LIBDIR " . shell_quote($DBGCURL) . " -x $LOGDIR/gdbcmd");
     }
     elsif($gdbthis) {
         my $GDBW = ($gdbxwin) ? "-w" : "";
-        runclient("$gdb --directory $LIBDIR $DBGCURL $GDBW -x $LOGDIR/gdbcmd");
+        runclient("$gdb --directory $LIBDIR " . shell_quote($DBGCURL) . " $GDBW -x $LOGDIR/gdbcmd");
         $cmdres=0; # makes it always continue after a debugged run
     }
     else {
@@ -933,7 +934,7 @@ sub singletest_clean {
             open(my $gdbcmd, ">", "$LOGDIR/gdbcmd2") || die "Failure writing gdb file";
             print $gdbcmd "bt\n";
             close($gdbcmd) || die "Failure writing gdb file";
-            runclient("$gdb --directory libtest -x $LOGDIR/gdbcmd2 -batch $DBGCURL core ");
+            runclient("$gdb --directory libtest -x $LOGDIR/gdbcmd2 -batch " . shell_quote($DBGCURL) . " core ");
      #       unlink("$LOGDIR/gdbcmd2");
         }
     }

diff --git a/tests/runtests.pl b/tests/runtests.pl
index cb1601f84069699293b68acc7b6a2f59b3c9c3bb..5bfda269ece543c92b4341eb04087c4d22858eef 100755 (executable)
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -405,7 +405,7 @@ sub checksystemfeatures {
 
     my $curlverout="$LOGDIR/curlverout.log";
     my $curlvererr="$LOGDIR/curlvererr.log";
-    my $versioncmd="$CURL --version 1>$curlverout 2>$curlvererr";
+    my $versioncmd=shell_quote($CURL) . " --version 1>$curlverout 2>$curlvererr";
 
     unlink($curlverout);
     unlink($curlvererr);
@@ -686,7 +686,7 @@ sub checksystemfeatures {
         $http_unix = 1 if($sws[0] =~ /unix/);
     }
 
-    open(my $manh, "-|", "$CURL -M 2>&1");
+    open(my $manh, "-|", shell_quote($CURL) . " -M 2>&1");
     while(my $s = <$manh>) {
         if($s =~ /built-in manual was disabled at build-time/) {
             $feature{"manual"} = 0;
@@ -1960,7 +1960,7 @@ while(@ARGV) {
     }
     elsif ($ARGV[0] eq "-c") {
         # use this path to curl instead of default
-        $DBGCURL=$CURL="\"$ARGV[1]\"";
+        $DBGCURL=$CURL=$ARGV[1];
         shift @ARGV;
     }
     elsif ($ARGV[0] eq "-vc") {
@@ -1970,12 +1970,12 @@ while(@ARGV) {
         # the development version as then it won't be able to run any tests
         # since it can't verify the servers!
 
-        $VCURL="\"$ARGV[1]\"";
+        $VCURL=shell_quote($ARGV[1]);
         shift @ARGV;
     }
     elsif ($ARGV[0] eq "-ac") {
         # use this curl only to talk to APIs (currently only CI test APIs)
-        $ACURL="\"$ARGV[1]\"";
+        $ACURL=shell_quote($ARGV[1]);
         shift @ARGV;
     }
     elsif ($ARGV[0] eq "-d") {
@@ -2236,7 +2236,7 @@ if(!$randseed) {
         localtime(time);
     # seed of the month. December 2019 becomes 201912
     $randseed = ($year+1900)*100 + $mon+1;
-    open(my $curlvh, "-|", "$CURL --version 2>/dev/null") ||
+    open(my $curlvh, "-|", shell_quote($CURL) . " --version 2>/dev/null") ||
         die "could not get curl version!";
     my @c = <$curlvh>;
     close($curlvh) || die "could not get curl version!";

diff --git a/tests/testutil.pm b/tests/testutil.pm
index 4847878412f6fb77dd0b22610cdb76b906244d6e..a2785f85b3fdc3195c813b1ac5bf6c92ba7de2a4 100644 (file)
--- a/tests/testutil.pm
+++ b/tests/testutil.pm
@@ -37,6 +37,7 @@ BEGIN {
         runclient
         runclientoutput
         setlogfunc
+        shell_quote
         subbase64
         subnewlines
     );
@@ -185,4 +186,19 @@ sub runclientoutput {
 #    return @out;
 }
 
+
+#######################################################################
+# Quote an argument for passing safely to a Bourne shell
+# This does the same thing as String::ShellQuote but doesn't need a package.
+#
+sub shell_quote {
+    my ($s)=@_;
+    if($s !~ m/^[-+=.,_\/:a-zA-Z0-9]+$/) {
+        # string contains a "dangerous" character--quote it
+        $s =~ s/'/'"'"'/g;
+        $s = "'" . $s . "'";
+    }
+    return $s;
+}
+
 1;