From 7589c960e0b7cafd78ab40a4df1cce45dabdba0a Mon Sep 17 00:00:00 2001
From: Matthias Kruk <m@m10k.eu>
Date: Sat, 11 Mar 2023 17:07:30 +0900
Subject: [PATCH] utils/ipc-sshtunnel: Properly escape command passed to ssh

When ipc-sshtunnel spawns ipc-tap and ipc-inject over ssh, it does
not correctly escape the arguments passed to ssh, causing arguments
to be expanded where no expansion is desired.

This commit modifies the way ipc-sshtunnel so that it correctly
quotes and escapes arguments that are passed to ssh.
---
 utils/ipc-sshtunnel.sh | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/utils/ipc-sshtunnel.sh b/utils/ipc-sshtunnel.sh
index 91c6947..4e7e0a4 100755
--- a/utils/ipc-sshtunnel.sh
+++ b/utils/ipc-sshtunnel.sh
@@ -42,6 +42,23 @@ _array_add() {
 	return 0
 }
 
+ssh_escape() {
+	local remote="$1"
+	local args=("${@:2}")
+
+	local arg
+	local escaped_args
+
+	escaped_args=()
+
+	for arg in "${args[@]}"; do
+		escaped_args+=("\"$arg\"")
+	done
+
+	ssh "$remote" "${escaped_args[*]}"
+	return "$?"
+}
+
 establish_ipc_tunnel() {
 	local direction="$1"
 	local remote="$2"
@@ -80,10 +97,10 @@ establish_ipc_tunnel() {
 
 	case "$direction" in
 		"in")
-			( ssh -n "$remote" ipc-tap "${tap_args[@]}" | ipc-inject "${inject_args[@]}" ) &
+			( ssh_escape "$remote" ipc-tap "${tap_args[@]}" </dev/null | ipc-inject "${inject_args[@]}" ) &
 			;;
 		"out")
-			( ipc-tap "${tap_args[@]}" | ssh "$remote" ipc-inject "${inject_args[@]}" ) &
+			( ipc-tap "${tap_args[@]}" | ssh_escape "$remote" ipc-inject "${inject_args[@]}" ) &
 			;;
 		*)
 			log_error "Invalid direction: $direction"
-- 
2.47.3