From a1ccda143111b3eea42c683bfd67773a9c55f2ef Mon Sep 17 00:00:00 2001 From: yanghao Date: Mon, 20 Mar 2023 20:06:00 +0800 Subject: [PATCH] fix gs_ctl restore cmd injection --- src/bin/pg_ctl/pg_ctl.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/pg_ctl/pg_ctl.cpp b/src/bin/pg_ctl/pg_ctl.cpp index d436b62e9..9129bdf6d 100755 --- a/src/bin/pg_ctl/pg_ctl.cpp +++ b/src/bin/pg_ctl/pg_ctl.cpp @@ -4620,8 +4620,8 @@ static void do_full_restore(void) "select * from pg_catalog.gs_download_obs_file('%s', '%s/base.tar.gz', 'base.tar.gz')", slotname, key_cn); securec_check_ss_c(ret, "\0", "\0"); - ret = snprintf_s(tar_cmd, MAXPGPATH, MAX_PATH_LEN - 1, "tar -zvxf %s/base.tar.gz -C %s --strip-components 1", - pg_data, pg_data); + ret = snprintf_s(tar_cmd, MAXPGPATH, MAX_PATH_LEN - 1, + "tar -zvxf \"%s\"/base.tar.gz -C \"%s\" --strip-components 1", pg_data, pg_data); securec_check_ss_c(ret, "\0", "\0");