Use virBufferEscapeShell in virNetSocketNewConnectSSH

to escape the netcat command since it's passed to the shell. Adjust
expected test case output accordingly.

src/rpc/virnetsocket.c

@@ -612,7 +612,10 @@ int virNetSocketNewConnectSSH(const char *nodename,
                               const char *path,
                               virNetSocketPtr *retsock)
 {
+    char *quoted;
     virCommandPtr cmd;
+    virBuffer buf = VIR_BUFFER_INITIALIZER;
+
     *retsock = NULL;
 
     cmd = virCommandNew(binary ? binary : "ssh");
@@ -639,6 +642,14 @@ int virNetSocketNewConnectSSH(const char *nodename,
         netcat = "nc";
 
     virCommandAddArgList(cmd, nodename, "sh", "-c", NULL);
+
+    virBufferEscapeShell(&buf, netcat);
+    if (virBufferError(&buf)) {
+        virBufferFreeAndReset(&buf);
+        virReportOOMError();
+        return -1;
+    }
+    quoted = virBufferContentAndReset(&buf);
     /*
      * This ugly thing is a shell script to detect availability of
      * the -q option for 'nc': debian and suse based distros need this
@@ -650,14 +661,15 @@ int virNetSocketNewConnectSSH(const char *nodename,
      * behavior.
      */
     virCommandAddArgFormat(cmd,
-         "'if %s -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+         "'if '%s' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
              "ARG=-q0;"
          "else "
              "ARG=;"
          "fi;"
-         "%s $ARG -U %s'",
-         netcat, netcat, path);
+         "'%s' $ARG -U %s'",
+         quoted, quoted, path);
 
+    VIR_FREE(quoted);
     return virNetSocketNewConnectCommand(cmd, retsock);
 }
 

tests/virnetsockettest.c

@@ -496,12 +496,12 @@ mymain(void)
     struct testSSHData sshData1 = {
         .nodename = "somehost",
         .path = "/tmp/socket",
-        .expectOut = "somehost sh -c 'if nc -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+        .expectOut = "somehost sh -c 'if 'nc' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
                                          "ARG=-q0;"
                                      "else "
                                          "ARG=;"
                                      "fi;"
-                                     "nc $ARG -U /tmp/socket'\n",
+                                     "'nc' $ARG -U /tmp/socket'\n",
     };
     if (virtTestRun("SSH test 1", 1, testSocketSSH, &sshData1) < 0)
         ret = -1;
@@ -515,12 +515,12 @@ mymain(void)
         .noVerify = false,
         .path = "/tmp/socket",
         .expectOut = "-p 9000 -l fred -T -o BatchMode=yes -e none somehost sh -c '"
-                     "if netcat -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+                     "if 'netcat' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
                          "ARG=-q0;"
                      "else "
                          "ARG=;"
                      "fi;"
-                     "netcat $ARG -U /tmp/socket'\n",
+                     "'netcat' $ARG -U /tmp/socket'\n",
     };
     if (virtTestRun("SSH test 2", 1, testSocketSSH, &sshData2) < 0)
         ret = -1;
@@ -534,12 +534,12 @@ mymain(void)
         .noVerify = true,
         .path = "/tmp/socket",
         .expectOut = "-p 9000 -l fred -o StrictHostKeyChecking=no somehost sh -c '"
-                     "if netcat -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+                     "if 'netcat' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
                          "ARG=-q0;"
                      "else "
                          "ARG=;"
                      "fi;"
-                     "netcat $ARG -U /tmp/socket'\n",
+                     "'netcat' $ARG -U /tmp/socket'\n",
     };
     if (virtTestRun("SSH test 3", 1, testSocketSSH, &sshData3) < 0)
         ret = -1;
@@ -556,12 +556,12 @@ mymain(void)
         .nodename = "crashyhost",
         .path = "/tmp/socket",
         .expectOut = "crashyhost sh -c "
-                     "'if nc -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+                     "'if 'nc' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
                          "ARG=-q0;"
                      "else "
                          "ARG=;"
                      "fi;"
-                     "nc $ARG -U /tmp/socket'\n",
+                     "'nc' $ARG -U /tmp/socket'\n",
         .dieEarly = true,
     };
     if (virtTestRun("SSH test 5", 1, testSocketSSH, &sshData5) < 0)
@@ -573,16 +573,30 @@ mymain(void)
         .keyfile = "/root/.ssh/example_key",
         .noVerify = true,
         .expectOut = "-i /root/.ssh/example_key -o StrictHostKeyChecking=no example.com sh -c '"
-                     "if nc -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+                     "if 'nc' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
                          "ARG=-q0;"
                      "else "
                          "ARG=;"
                      "fi;"
-                     "nc $ARG -U /tmp/socket'\n",
+                     "'nc' $ARG -U /tmp/socket'\n",
     };
     if (virtTestRun("SSH test 6", 1, testSocketSSH, &sshData6) < 0)
         ret = -1;
 
+    struct testSSHData sshData7 = {
+        .nodename = "somehost",
+        .netcat = "nc -4",
+        .path = "/tmp/socket",
+        .expectOut = "somehost sh -c 'if ''nc -4'' -q 2>&1 | grep \"requires an argument\" >/dev/null 2>&1; then "
+                                         "ARG=-q0;"
+                                     "else "
+                                         "ARG=;"
+                                     "fi;"
+                                     "''nc -4'' $ARG -U /tmp/socket'\n",
+    };
+    if (virtTestRun("SSH test 7", 1, testSocketSSH, &sshData7) < 0)
+        ret = -1;
+
 #endif
 
     return (ret==0 ? EXIT_SUCCESS : EXIT_FAILURE);