Fix: safely split command strings (#340)

xjasonlyu · Feb 19, 2024 · 8653c18 · 8653c18
1 parent 7b1d73d
commit 8653c18
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/engine/engine.go b/engine/engine.go
@@ -4,11 +4,11 @@ import (
 	"errors"
 	"net"
 	"os/exec"
-	"strings"
 	"sync"
 	"time"
 
 	"github.com/docker/go-units"
+	"github.com/google/shlex"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 
@@ -93,11 +93,14 @@ func stop() (err error) {
 }
 
 func execCommand(cmd string) error {
-	parts := strings.Fields(cmd)
+	parts, err := shlex.Split(cmd)
+	if err != nil {
+		return err
+	}
 	if len(parts) == 0 {
 		return errors.New("empty command")
 	}
-	_, err := exec.Command(parts[0], parts[1:]...).Output()
+	_, err = exec.Command(parts[0], parts[1:]...).Output()
 	return err
 }
 
@@ -170,6 +173,7 @@ func netstack(k *Key) (err error) {
 	}
 
 	if k.TUNPreUp != "" {
+		log.Infof("[TUN] pre-execute command: `%s`", k.TUNPreUp)
 		if preUpErr := execCommand(k.TUNPreUp); preUpErr != nil {
 			log.Warnf("[TUN] failed to pre-execute: %s: %v", k.TUNPreUp, preUpErr)
 		}
@@ -179,6 +183,7 @@ func netstack(k *Key) (err error) {
 		if k.TUNPostUp == "" || err != nil {
 			return
 		}
+		log.Infof("[TUN] post-execute command: `%s`", k.TUNPostUp)
 		if postUpErr := execCommand(k.TUNPostUp); postUpErr != nil {
 			log.Warnf("[TUN] failed to post-execute: %s: %v", k.TUNPostUp, postUpErr)
 		}

diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-chi/render v1.0.3
 	github.com/go-gost/relay v0.5.0
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/schema v1.2.1
 	github.com/gorilla/websocket v1.5.1

diff --git a/go.sum b/go.sum
@@ -16,6 +16,8 @@ github.com/go-gost/relay v0.5.0 h1:JG1tgy/KWiVXS0ukuVXvbM0kbYuJTWxYpJ5JwzsCf/c=
 github.com/go-gost/relay v0.5.0/go.mod h1:lcX+23LCQ3khIeASBo+tJ/WbwXFO32/N5YN6ucuYTG8=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/schema v1.2.1 h1:tjDxcmdb+siIqkTNoV+qRH2mjYdr2hHe5MKXbp61ziM=