From f9c7a47b6a89e8bfd0818692db0577da01d1de3b Mon Sep 17 00:00:00 2001
From: Axel Burri
Date: Sun, 20 Nov 2022 15:57:23 +0100
Subject: [PATCH] btrbk: use substitutions in printf

Avoid possible interpreted sequence from values (e.g. from FILE).
---
 btrbk | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/btrbk b/btrbk
index 2c7e4dc..ed13d41 100755
--- a/btrbk
+++ b/btrbk
@@ -2092,14 +2092,16 @@ sub system_write_raw_info($$;@)
 # sort by %raw_info_sort, then by key
 my @line = $append ? () : ("#btrbk-v$VERSION", "# Do not edit this file");
+ my @subst;
 push @line, '#t=' . time;
 foreach(sort { (($raw_info_sort{$a} // 99) <=> ($raw_info_sort{$b} // 99)) || ($a cmp $b) } keys %$raw_info) {
- push @line, ($_ . '=' . $raw_info->{$_});
+ push @line, ($_ . '=%s');
+ push @subst, $raw_info->{$_};
 }
 DEBUG "Writing (" . ($append ? "append:" . join(",", keys %$raw_info) : "create") . ") raw info file: $info_file";
 my $ret = run_cmd(
- { cmd => [ 'printf', quoteshell(join('\n', @line) . '\n') ] },
+ { cmd => [ 'printf', quoteshell(join('\n', @line, "")), map quoteshell($_), @subst ] },
 { ($append ? "append_to_file" : "redirect_to_file") => { unsafe => $info_file },
 rsh => vinfo_rsh($vol),
 });
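Review bot: The hash key is still concatenated into the printf format on the new line `push @line, ($_ . '=%s');`, so a `%` or backslash in a key would be interpreted just as the values were before this commit. The keys of `%$raw_info` are supplied by callers outside this hunk and are probably fixed identifiers, but passing them as arguments too removes that assumption: `push @line, '%s=%s';` and `push @subst, $_, $raw_info->{$_};`. Separately, `%s` writes a value verbatim, so a value containing a real newline still produces an extra line in the info file; if values such as FILE can carry one, that needs a check before this point. The body of system_write_raw_info starts before and continues after the hunk.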