Validate GPHDFS URL before calling execl() with it

Four characters "'", "\", "<", ">" could cause shell injection in
gphdfs. This quick fix filters out them to avoid the security issue.
Signed-off-by: NHaozhou Wang <hawang@pivotal.io>
Signed-off-by: NPeifeng Qiu <pqiu@pivotal.io>

gpAux/extensions/gphdfs/gphdfsprotocol.c

@@ -206,6 +206,24 @@ quoteArgument(char* value)
 	return quotedVal.data;
 }
 
+static bool hasIllegalCharacters(char *str)
+{
+	if (str == NULL)
+	{
+		return false;
+	}
+
+	for (; *str; str++)
+	{
+		if (*str == '\\' || *str == '\'' || *str == '<' || *str == '>')
+		{
+			return true;
+		}
+	}
+
+	return false;
+}
+
 /**
  * Open/Init of the gphdfs protocol
  *
@@ -299,6 +317,15 @@ static URL_FILE
 	 * Note: gp_hadoop_connector_version does not need to be quoted
 	 *       because we've verified it in checkHadoopGUCs().
 	 */
+
+	/* Note: if url is passed with E prefix, quote simply quote has no effect,
+	 * we filter some dangerous chararacters right now. */
+	char* url_user = EXTPROTOCOL_GET_URL(fcinfo);
+	if (hasIllegalCharacters(url_user))
+	{
+		ereport(ERROR, (0, errmsg("illegal char in url")));
+	}
+
 	url = quoteArgument(EXTPROTOCOL_GET_URL(fcinfo));
 	initStringInfo(&cmd);
 	appendStringInfo(&cmd, "%s%s %s %s %s", env_cmd.data, java_cmd, format,
@@ -521,5 +548,12 @@ gphdfsprotocol_validate_urls(PG_FUNCTION_ARGS)
                     (errcode(ERRCODE_PROTOCOL_VIOLATION),
                      errmsg("number of URLs must be one")));
 
+	/* Check for illegal characters. */
+	char* url_user = EXTPROTOCOL_VALIDATOR_GET_NTH_URL(fcinfo, 1);
+	if (hasIllegalCharacters(url_user))
+	{
+		ereport(ERROR, (0, errmsg("illegal char in url")));
+	}
+
 	PG_RETURN_VOID();
 }