From 1ce4ec34c05a6a58f229dc231664ba66875598bc Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Thu, 25 Apr 2019 18:23:49 -0400 Subject: fopen(), fclose(): Replace echo, improve eval safety --- diff --git a/src/fd.sh b/src/fd.sh index 8bd4584..45b1423 100644 --- a/src/fd.sh +++ b/src/fd.sh @@ -57,7 +57,8 @@ fopen() # Find first available file descriptor. i=${_FD_MIN} while [ ${i} -le ${_FD_MAX} ]; do - if [ "x$(eval echo "\${_fd_${i}+set}")" != 'xset' ]; then + if [ "x$(eval "printf '%s' \"\${_fd_${i}+set}\"")" != 'xset' ] + then fd=${i} break fi @@ -68,8 +69,8 @@ fopen() return 1 fi - if eval "exec ${fd}${mode}'${path}'"; then - eval "_fd_${fd}='${mode}${path}'" + if eval "exec ${fd}${mode}\"\${path}\""; then + eval "_fd_${fd}=\"\${mode}\${path}\"" FD="${fd}" return 0 else @@ -84,7 +85,7 @@ fclose() shift 1 # Make sure the file descriptor is open. - if [ "x$(eval echo "\${_fd_${fd}+set}")" != 'xset' ]; then + if [ "x$(eval "printf '%s' \"\${_fd_${fd}+set}\"")" != 'xset' ]; then error "$(get_msg 'ebadf')" return 1 fi -- cgit v0.9.1