fix: harden host tool argument handling

midwan · midwan · commit c03c264e2bb5 · 2026-04-26T18:17:27.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,3 +1,6 @@
+# SPDX-FileCopyrightText: 2020-2026 Dimitris Panokostas
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 name: Build Amiberry Host Tools
 
 on:
@@ -17,7 +20,7 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
-    container: amigadev/crosstools:m68k-amigaos
+    container: sacredbanana/amiga-compiler:m68k-amigaos
 
     steps:
     - name: Checkout repository
diff --git a/.gitignore b/.gitignore
@@ -1,57 +1,75 @@
-# Prerequisites
-*.d
+# SPDX-FileCopyrightText: 2020-2026 Dimitris Panokostas
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Host OS metadata
+.DS_Store
+Thumbs.db
+Desktop.ini
+
+# Editor and local workspace state
+*~
+*.swp
+*.swo
+.idea/
+.vscode/
 
-# Object files
+# Local build directories and metadata
+build/
+dist/
+release/
+tmp/
+.cache/
+compile_commands.json
+
+# Compiler intermediates
+*.d
 *.o
-*.ko
 *.obj
-*.elf
+*.lo
+*.ko
+*.gch
+*.pch
+*.lst
 
-# Linker output
+# Linker and debug output
+*.elf
+*.exp
+*.hex
 *.ilk
 *.map
-*.exp
-
-# Precompiled Headers
-*.gch
-*.pch
+*.pdb
+*.su
+*.sym
+*.debug
+*.dSYM/
 
-# Libraries
-*.lib
+# Libraries and host shared objects
 *.a
 *.la
-*.lo
-
-# Shared objects (inc. Windows DLLs)
+*.lib
 *.dll
+*.dylib
 *.so
 *.so.*
-*.dylib
 
-# Executables
+# Host executables
+*.app
 *.exe
 *.out
-*.app
 *.i*86
 *.x86_64
-*.hex
-
-# Debug files
-*.dSYM/
-*.su
-*.idb
-*.pdb
 
-# Kernel Module Compile Results
-*.mod*
-*.cmd
-.tmp_versions/
-modules.order
-Module.symvers
-Mkfile.old
-dkms.conf
+# Release packages and Amiga archives
+*.lha
+*.lzh
+*.zip
+*.tar
+*.tar.gz
+*.tgz
+*.tar.bz2
+*.tar.xz
 
-# Amiberry Host Tools
+# Amiberry Host Tools binaries
 host-run
 host-shell
 host-multiview
diff --git a/Makefile b/Makefile
@@ -1,21 +1,26 @@
+# SPDX-FileCopyrightText: 2020-2026 Dimitris Panokostas
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 # m68k-amigaos-gcc -Isrc -noixemul -fomit-frame-pointer -Os -std=c99 -o host-run src/host-run.c
 all: host-run host-multiview host-shell
 
 VERSION		= 2.0
 DATE		= 2026-04-13
 
+ifeq ($(origin CC),default)
 CC			= m68k-amigaos-gcc
+endif
 INCLUDES	= -Isrc
 CFLAGS		= -mcpu=68020 -noixemul -Os -fomit-frame-pointer -std=c99 -Wall -Wextra
 VERFLAGS	= -DVERSION_STR="\"$(VERSION)\"" -DDATE_STR="\"$(DATE)\""
 
-host-run: src/host-run.c
+host-run: src/host-run.c src/host_common.h src/uae_pragmas.h
 	$(CC) $(CFLAGS) $(VERFLAGS) $(INCLUDES) src/host-run.c -o $@
 
-host-multiview: src/host-multiview.c
+host-multiview: src/host-multiview.c src/host_common.h src/uae_pragmas.h
 	$(CC) $(CFLAGS) $(VERFLAGS) $(INCLUDES) src/host-multiview.c -o $@
 
-host-shell: src/host-shell.c
+host-shell: src/host-shell.c src/host_common.h src/uae_pragmas.h
 	$(CC) $(CFLAGS) $(VERFLAGS) $(INCLUDES) src/host-shell.c -o $@
 
 debug: CFLAGS += -DDEBUG -g
diff --git a/README.md b/README.md
@@ -1,3 +1,8 @@
+<!--
+SPDX-FileCopyrightText: 2020-2026 Dimitris Panokostas
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
 # Amiberry Host Tools
 
 A collection of AmigaOS tools designed to bridge the gap between the Amiberry emulator and the host operating system (Linux, macOS, etc.).
@@ -84,17 +89,24 @@ Make AmigaOS automatically open `.mkv` files on the host:
 
 ## Building
 
-This project is built using **GitHub Actions**. Every push to `master` or a version tag triggers a build using the `amigadev/crosstools:m68k-amigaos` Docker image.
+This project is built using **GitHub Actions**. Every push to `master` or a version tag triggers a build using the `sacredbanana/amiga-compiler:m68k-amigaos` Docker image.
 
 To build locally (requires the m68k-amigaos cross-compiler):
 ```shell
 make all
 ```
 
+To build locally with the same Docker image used by CI:
+```shell
+docker run --rm -v "$PWD":/work -w /work sacredbanana/amiga-compiler:m68k-amigaos make all
+```
+
 To build with debug output enabled:
 ```shell
 make debug
 ```
 
 ## License
-GPLv3
+Copyright (C) 2020-2026 Dimitris Panokostas.
+
+Amiberry Host Tools is licensed under the GNU General Public License version 3 or later. See [LICENSE](LICENSE) for details.
diff --git a/src/host-multiview.c b/src/host-multiview.c
@@ -1,6 +1,12 @@
+/*
+ * SPDX-FileCopyrightText: 2020-2026 Dimitris Panokostas
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include "host_common.h"
 #include "uae_pragmas.h"
 
 static const char version[] = "$VER: Host-MultiView v" VERSION_STR " (" DATE_STR ")";
@@ -16,7 +22,8 @@ int print_usage()
 int main(int argc, char *argv[])
 {
     BPTR lock;
-    char filename[1024];
+    char filename[HOST_MAX_PATH_LEN];
+    int status = 0;
 
     if (!InitUAEResource())
     {
@@ -40,21 +47,37 @@ int main(int argc, char *argv[])
     {
         char *target = argv[i];
 
+        if (argv[i][0] == '\0') {
+            printf("Empty filename or URL argument\n");
+            status = HOST_RETURN_ERROR;
+            continue;
+        }
+
         /* Try to resolve as a file path first to get the host path (skip URLs) */
-        if (!strstr(argv[i], "://") && ((lock = Lock(argv[i], ACCESS_READ))))
+        if (!host_is_uri(argv[i]) && ((lock = Lock((STRPTR)argv[i], ACCESS_READ))))
         {
+            filename[0] = '\0';
+            filename[sizeof(filename) - 1] = '\0';
             if (NativeDosOp(0, (ULONG)lock, (ULONG)filename, sizeof(filename)) == 0) {
                  UnLock(lock);
+                 if (host_filled_buffer(filename, sizeof(filename))) {
+                     printf("Resolved host path is too long: %s\n", argv[i]);
+                     status = HOST_RETURN_ERROR;
+                     continue;
+                 }
                  target = filename;
             } else {
                  UnLock(lock);
             }
         }
         
         /* Send the request to Amiberry */
-        /* Opcode 94 handles the quoting and OS-specific command (open/xdg-open) */
-        HostShell_View((UBYTE *)target);
+        /* Opcode 89 handles the quoting and OS-specific command (open/xdg-open) */
+        if (!HostShell_View((UBYTE *)target)) {
+            printf("Failed to open on host: %s\n", argv[i]);
+            status = HOST_RETURN_ERROR;
+        }
     }
     
-    return 0;
-}
+    return status;
+}
diff --git a/src/host-run.c b/src/host-run.c
@@ -1,12 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: 2020-2026 Dimitris Panokostas
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include "host_common.h"
 #include "uae_pragmas.h"
 
 static const char version[] = "$VER: Host-Run v" VERSION_STR " (" DATE_STR ")";
 
-#define MAX_CMD_LEN 4096
-
 int print_usage()
 {
     printf("Host-Run v%s\n", VERSION_STR);
@@ -15,58 +19,11 @@ int print_usage()
     return 0;
 }
 
-// Check if a character is safe for shell (no quoting needed)
-int is_safe_char(char c) {
-    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
-           c == '.' || c == '_' || c == '-' || c == '/' || c == ':' || c == '+' || c == '=' || c == ',' || c == '@';
-}
-
-// Append a string to the buffer, quoting it if necessary
-void append_quoted(char *dest, const char *src, size_t max_len) {
-    size_t current_len = strlen(dest);
-    if (current_len >= max_len - 1) return;
-
-    int needs_quote = 0;
-    for (const char *p = src; *p; p++) {
-        if (!is_safe_char(*p)) {
-            needs_quote = 1;
-            break;
-        }
-    }
-
-    // Ensure we have space for opening quote
-    if (needs_quote) {
-        if (current_len < max_len - 1) dest[current_len++] = '\'';
-        dest[current_len] = '\0';
-    }
-
-    for (const char *p = src; *p; p++) {
-        if (*p == '\'') {
-            // Escape single quote: ' -> '\''
-            if (current_len + 4 >= max_len) break;
-            dest[current_len++] = '\'';
-            dest[current_len++] = '\\';
-            dest[current_len++] = '\'';
-            dest[current_len++] = '\'';
-        } else {
-            if (current_len + 1 >= max_len - 1) break; // Reserve space for close quote + null
-            dest[current_len++] = *p;
-        }
-    }
-    dest[current_len] = '\0';
-
-    // Closing quote
-    if (needs_quote) {
-        if (current_len < max_len - 1) dest[current_len++] = '\'';
-        dest[current_len] = '\0';
-    }
-}
-
 int main(int argc, char *argv[])
 {
     BPTR lock;
-    char command[MAX_CMD_LEN] = "";
-    char filename[1024];
+    char command[HOST_MAX_COMMAND_LEN] = "";
+    char filename[HOST_MAX_PATH_LEN];
 
     if (!InitUAEResource())
     {
@@ -89,30 +46,35 @@ int main(int argc, char *argv[])
     {
         // Try to resolve as a file path first (skip URLs to avoid volume requester)
         int is_resolved_file = 0;
-        if (!strstr(argv[i], "://") && ((lock = Lock(argv[i], ACCESS_READ))))
+        if (argv[i][0] != '\0' && !host_is_uri(argv[i]) && ((lock = Lock((STRPTR)argv[i], ACCESS_READ))))
         {
+            filename[0] = '\0';
+            filename[sizeof(filename) - 1] = '\0';
             if (NativeDosOp(0, (ULONG)lock, (ULONG)filename, sizeof(filename)) == 0) {
                  UnLock(lock);
+                 if (host_filled_buffer(filename, sizeof(filename))) {
+                     printf("Resolved host path is too long\n");
+                     return HOST_RETURN_ERROR;
+                 }
                  is_resolved_file = 1;
             } else {
                  UnLock(lock);
             }
         }
 
-        // Separate arguments with space
-        if (i > 1) {
-            strncat(command, " ", MAX_CMD_LEN - strlen(command) - 1);
-        }
-
-        if (is_resolved_file) {
-            append_quoted(command, filename, MAX_CMD_LEN);
-        } else {
-            append_quoted(command, argv[i], MAX_CMD_LEN);
+        if (!host_append_shell_arg(command, sizeof(command),
+                                   is_resolved_file ? filename : argv[i], i > 1)) {
+            printf("Command is too long\n");
+            return HOST_RETURN_ERROR;
         }
     }
 
 #ifdef DEBUG
     printf("DEBUG: argc=%d, command=%s\n", argc, command);
 #endif
-    return ExecuteOnHost((UBYTE *)command);
-}
+    if (!ExecuteOnHost((UBYTE *)command)) {
+        printf("Failed to execute command on host\n");
+        return HOST_RETURN_ERROR;
+    }
+    return 0;
+}
diff --git a/src/host-shell.c b/src/host-shell.c
diff --git a/src/host_common.h b/src/host_common.h
diff --git a/src/uae_pragmas.h b/src/uae_pragmas.h
