utils/ipc-sshtunnel: Properly escape command passed to ssh

When ipc-sshtunnel spawns ipc-tap and ipc-inject over ssh, it does
not correctly escape the arguments passed to ssh, causing arguments
to be expanded where no expansion is desired.

This commit modifies the way ipc-sshtunnel so that it correctly
quotes and escapes arguments that are passed to ssh.

diff --git a/utils/ipc-sshtunnel.sh b/utils/ipc-sshtunnel.sh
index 91c69477f669bd8b234d8dca4f909dc718e2c368..4e7e0a431133ce7d6bff75e43cabcf7c2d367e26 100755 (executable)
--- a/utils/ipc-sshtunnel.sh
+++ b/utils/ipc-sshtunnel.sh
@@ -42,6 +42,23 @@ _array_add() {
        return 0
 }
 
+ssh_escape() {
+       local remote="$1"
+       local args=("${@:2}")
+
+       local arg
+       local escaped_args
+
+       escaped_args=()
+
+       for arg in "${args[@]}"; do
+               escaped_args+=("\"$arg\"")
+       done
+
+       ssh "$remote" "${escaped_args[*]}"
+       return "$?"
+}
+
 establish_ipc_tunnel() {
        local direction="$1"
        local remote="$2"
@@ -80,10 +97,10 @@ establish_ipc_tunnel() {
 
        case "$direction" in
                "in")
-                       ( ssh -n "$remote" ipc-tap "${tap_args[@]}" | ipc-inject "${inject_args[@]}" ) &
+                       ( ssh_escape "$remote" ipc-tap "${tap_args[@]}" </dev/null | ipc-inject "${inject_args[@]}" ) &
                        ;;
                "out")
-                       ( ipc-tap "${tap_args[@]}" | ssh "$remote" ipc-inject "${inject_args[@]}" ) &
+                       ( ipc-tap "${tap_args[@]}" | ssh_escape "$remote" ipc-inject "${inject_args[@]}" ) &
                        ;;
                *)
                        log_error "Invalid direction: $direction"