From 4221d111bdf2f0077f8974317e441c30e8de959c Mon Sep 17 00:00:00 2001
From: sebres
Date: Fri, 27 Oct 2023 10:46:17 +0000
Subject: fixes percent-subst regression [fb2fa9b3f6] introduced by fixing of vulnerability [21b0629c81]; warning (todo): since it'd reopen a injection-vector by execution of command processor/batch-files as described in [fb2fa9b3f6] (unexpected tripple/double quote), [exec] as well as [open |...] should get new option for safe escape (or no .bat/.cmd/comspec execution with arguments from foreign input can be considered as safe without extra parameters validation).
---
 tests/winPipe.test | 7 +++++++
 win/tclWinPipe.c | 11 ++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/tests/winPipe.test b/tests/winPipe.test
index 9aa84a9..5d3999e 100644
--- a/tests/winPipe.test
+++ b/tests/winPipe.test
@@ -352,6 +352,13 @@ proc _testExecArgs {flags args} {
 } r]} {
 set r "ERROR: $r"
 }
+ if {[file extension [lindex $cmd 0]] eq ".bat"} {
+ set evm {}; foreach ev [lsort -unique [regexp -inline -all {%[A-Z]+%} $e]] {
+ set ev [string range $ev 1 end-1]
+ if {[info exists ::env($ev)]} { lappend evm %$ev% $::env($ev) }
+ }
+ set e [string map $evm $e]
+ }
 if {$r ne $e} {
 append broken "\[ERROR\]: exec [file extension [lindex $cmd 0]] on $args\n -- result:\n$r\n -- expected:\n$e\n"
 }
diff --git a/win/tclWinPipe.c b/win/tclWinPipe.c
index 8b707fa..b992536 100644
--- a/win/tclWinPipe.c
+++ b/win/tclWinPipe.c
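Review bot: In the tests/winPipe.test hunk, the added block rewrites the expected value `e` with the current environment, so `_testExecArgs` now treats `%VAR%` expansion in `.bat` arguments as the correct result and can no longer detect it as a regression. A build with `TCL_WIN_PIPE_FULLESC` defined would presumably keep the literal `%VAR%` in `r` and fail against the expanded `e` whenever that variable is set, so the mapping should be skipped for such builds or the test should state that it covers the default build only. The match is also limited to `.bat` and to names matching `{%[A-Z]+%}`; a `.cmd` target or a variable name with digits, underscores or lower case would not be mapped. A comment above the block would help, for example `# cmd.exe expands %VAR% in .bat arguments unless built with TCL_WIN_PIPE_FULLESC; see [fb2fa9b3f6]`. The body of `_testExecArgs` starts and ends outside the hunk.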
@@ -1557,12 +1557,20 @@ BuildCommandLine(
 const char *arg, *start, *special, *bspos;
 int quote = 0, i;
 Tcl_DString ds;
+#ifdef TCL_WIN_PIPE_FULLESC
+ /* full escape inclusive %-subst avoidance */
 static const char specMetaChars[] = "&|^<>!()%";
 /* Characters to enclose in quotes if unpaired
 * quote flag set. */
 static const char specMetaChars2[] = "%";
 /* Character to enclose in quotes in any case
 * (regardless of unpaired-flag). */
+#else
+ /* escape considering quotation only (no %-subst avoidance) */
+ static const char specMetaChars[] = "&|^<>!()";
+ /* Characters to enclose in quotes if unpaired
+ * quote flag set. */
+#endif
 /*
 * Quote flags:
 * CL_ESCAPE - escape argument;
@@ -1700,7 +1708,7 @@ BuildCommandLine(
 start = !bspos ? special : bspos;
 continue;
 }
-
+#ifdef TCL_WIN_PIPE_FULLESC
 /*
 * Special case for % - should be enclosed always (paired
 * also)
@@ -1717,6 +1725,7 @@ BuildCommandLine(
 start = !bspos ? special : bspos;
 continue;
 }
+#endif
 
 /*
 * Other not special (and not meta) character
-- cgit v0.12
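Review bot: Unless the build defines `TCL_WIN_PIPE_FULLESC`, the `#else` branch drops `%` from `specMetaChars` and the always-quote branch for `%` (the second and third hunks, between the new `#ifdef`/`#endif`) is compiled out, but the comment on that branch does not say this is the weaker setting. The commit message calls this a reopened injection vector for command-processor and batch-file execution; that warning is missing from the code, where the next maintainer will look. I would extend the `#else` comment, for example `/* NOTE: %VAR% in arguments is left for the command processor to expand; arguments from foreign input passed to .bat/.cmd/comspec must be validated by the caller, see [fb2fa9b3f6] */`. Because the switch is compile-time, a caller cannot request the full escape per invocation, so the `[exec]` / `[open |...]` option mentioned as a todo deserves a `TODO` at this declaration as well. The body of `BuildCommandLine` starts and ends outside these hunks, and where `TCL_WIN_PIPE_FULLESC` would be defined or documented is not visible here.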