Argument Injection

[javaeyes]

I've been working on a project for a few months which creates 'random' logos via c. Everything is working great, and the logos are looking sharp. What I'm worried about is argument injection. The arguments (company name , slogan) originate from an html form and are then passed into c via a php exec() call. I may be in the wrong forum here, as any special c sanitizing seems like it must be done with php before the exec() call. I have tried injecting things like ";rm *png" and the program just treats them as literals and displays a logo using the text. I can't find any good tutorials on this, and am also wondering if there is some blanket c function to sanitize argv[i] before doing anything with it. Although at execution time it seems that danger has already passed.
Ideas or links appreciated.

[cas]

You're right in assuming it's not a C issue, generally speaking. If PHP's exec() is anything like POSIX's family of exec*() functions, the shell is not used at all, so shell injection is not possible.

Now, if you pass argv[1] to system(), for example, you'll have a problem; but argv[1] is just the string ";rm *png", as you've discovered. By itself it's not dangerous: only if you pass it to a shell is there a problem.

[brewbuck]

Instead of passing the string on the command line, write it to a file and have the C program read it from that file. That way there is no possibility of anything nasty.

[grumpy]

Instead of passing the string on the command line, write it to a file and have the C program read it from that file. That way there is no possibility of anything nasty.

Not true. Some other process can modify the file before it is read.

[brewbuck]

Not true. Some other process can modify the file before it is read.

That is obviously a possibility but in this case the most you'd be able to accomplish is cause the renderer to render a string of your choice. That is nowhere near as scary as passing user-supplied data into exec()