在C中将多个args发送到system()

时间:2023-01-30 21:26:37

Assume, I have one line bash script that executes everything it has in arguments

假设,我有一行bash脚本执行它在参数中的所有内容

#!/bin/bash
$1

So, the command ./one_line_script.sh "ls -lh" works fine. Also I have C code, that accepts arguments and send them to my bash script

所以,命令./one_line_script.sh“ls -lh”工作正常。我也有C代码,它接受参数并将它们发送到我的bash脚本

  int main (int argc, char* argv[])
  {
     char command[1000];
     sprintf(command, "/path/to/one_line_script.sh %s", argv[1]);
     system(command);
   return 0;
  }

And here I've got a problem, because ./c_program "ls -lh" returns only ls output. It doesn't understand few arguments. How do I need to modify my C code, so it could accept few arguments?

在这里我遇到了一个问题,因为./c_program“ls -lh”只返回ls输出。它不太了解一些论点。我如何修改我的C代码,所以它可以接受几个参数?

3 个解决方案

#1


2  

I would recommend to use fork and exec directly to avoid quoting issues altogether. Consider for example what happens if a ' is contained within an argument - when doing sprintf cmd-line butchering this leads to broken command lines.

我建议直接使用fork和exec来避免完全引用问题。例如,考虑如果a'包含在参数中会发生什么 - 在执行sprintf cmd-line*时会导致命令行损坏。

int pid = fork();

if(pid == 0) {
    execl("/bin/sh", "sh", "-c", arg1, arg2, arg3, 0);
} else {
    int status=0;
    waitpid(pid, &status, 0);
}

#2


0  

You need to quote it in your sprintf too, or bash will only receive one argument :)

你需要在你的sprintf中引用它,或者bash只会收到一个参数:)

sprintf(command, "/path/to/one_line_script.sh '%s'", argv[1]);

I've added quotes (') around the %s.

我在%s周围添加了引号(')。

You can also use $@ instead of $1 in your bash script, so it will take all arguments passed to it.

您还可以在bash脚本中使用$ @而不是$ 1,因此它将传递给它的所有参数。

#3


-1  

Try:

int i;

command[0] = '\0';
for (i = 1; i < argc; i++)
  strcat (command, argv[i]);

system (command);

This should work, but please be aware that it has a lot of security hazards: first of all executing any possible command you get on the command line might allow users to do things they normally aren't allowed to (don't setuid your program!). Then the buffer might easily overflow and allow all kinds of stack smashing. So I'd say: only use this program as a learning tool, to learn manipulation of argc/argv and to begin thinking about security. Don't even compile it!

这应该有效,但请注意它有很多安全隐患:首先执行命令行上的任何可能的命令可能允许用户做他们通常不允许的事情(不要设置你的程序) !)。然后缓冲区可能很容易溢出并允许各种堆栈粉碎。所以我要说:只使用这个程序作为学习工具,学习argc / argv的操作并开始考虑安全性。甚至不编译它!

#1


2  

I would recommend to use fork and exec directly to avoid quoting issues altogether. Consider for example what happens if a ' is contained within an argument - when doing sprintf cmd-line butchering this leads to broken command lines.

我建议直接使用fork和exec来避免完全引用问题。例如,考虑如果a'包含在参数中会发生什么 - 在执行sprintf cmd-line*时会导致命令行损坏。

int pid = fork();

if(pid == 0) {
    execl("/bin/sh", "sh", "-c", arg1, arg2, arg3, 0);
} else {
    int status=0;
    waitpid(pid, &status, 0);
}

#2


0  

You need to quote it in your sprintf too, or bash will only receive one argument :)

你需要在你的sprintf中引用它,或者bash只会收到一个参数:)

sprintf(command, "/path/to/one_line_script.sh '%s'", argv[1]);

I've added quotes (') around the %s.

我在%s周围添加了引号(')。

You can also use $@ instead of $1 in your bash script, so it will take all arguments passed to it.

您还可以在bash脚本中使用$ @而不是$ 1,因此它将传递给它的所有参数。

#3


-1  

Try:

int i;

command[0] = '\0';
for (i = 1; i < argc; i++)
  strcat (command, argv[i]);

system (command);

This should work, but please be aware that it has a lot of security hazards: first of all executing any possible command you get on the command line might allow users to do things they normally aren't allowed to (don't setuid your program!). Then the buffer might easily overflow and allow all kinds of stack smashing. So I'd say: only use this program as a learning tool, to learn manipulation of argc/argv and to begin thinking about security. Don't even compile it!

这应该有效,但请注意它有很多安全隐患:首先执行命令行上的任何可能的命令可能允许用户做他们通常不允许的事情(不要设置你的程序) !)。然后缓冲区可能很容易溢出并允许各种堆栈粉碎。所以我要说:只使用这个程序作为学习工具,学习argc / argv的操作并开始考虑安全性。甚至不编译它!