From: Jeff Sharkey Date: Fri, 1 Jun 2018 16:49:40 +0000 (-0600) Subject: AOSP: Ignore quotes in safe_print(). X-Git-Tag: v1.44.4~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2587743008219e01913490ea9d0f524ae10eef9;p=thirdparty%2Fe2fsprogs.git AOSP: Ignore quotes in safe_print(). If the value being printed has embedded quotes ("), then printing those quotes could confuse other tools when parsing the value. This is the simplest CL to fix the security issue, and we can circle back to think about more robust escaping in a future CL. Signed-off-by: Theodore Ts'o Bug: 80436257 Test: manual Change-Id: Ica17f2c5701573bceafe34f20110d230a3925483 From AOSP commit: efe90c297a8df591c051fdbfacb92b5283390bba --- diff --git a/misc/blkid.c b/misc/blkid.c index 96fffae49..472f0179e 100644 --- a/misc/blkid.c +++ b/misc/blkid.c @@ -87,7 +87,9 @@ static void safe_print(const char *cp, int len) fputc('^', stdout); ch ^= 0x40; /* ^@, ^A, ^B; ^? for DEL */ } - fputc(ch, stdout); + if (ch != '"') { + fputc(ch, stdout); + } } }
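Review bot: The new `if (ch != '"')` check at the end of the loop body in safe_print() skips the byte with no comment saying why, and the output becomes lossy: a value with an embedded quote prints the same as the value without it, so a tool reading the output cannot tell the two apart. Add a one-line comment above the check stating that quotes are dropped so that tools parsing the printed value are not confused. For the follow-up the commit message mentions, consider emitting an unambiguous escaped form instead of skipping the byte. Since the commit lists only "Test: manual", a regression case with a value containing `"` would keep the behaviour from silently reverting.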