+
+/* Quote 'in' for the shell, and write max len-1 bytes to out. The
+ * result will be NUL-terminated, even if it is truncated.
+ *
+ * Returns number of bytes needed, so if result >= len then the buffer
+ * should have been longer.
+ *
+ * XXX This doesn't quote \n correctly (but is still safe).
+ */
+int
+shell_quote (char *out, int len, const char *in)
+{
+#define SAFE(c) (isalnum((c)) || \
+ (c) == '/' || (c) == '-' || (c) == '_' || (c) == '.')
+ int i, j;
+ int outlen = strlen (in);
+
+ /* Calculate how much output space this really needs. */
+ for (i = 0; in[i]; ++i)
+ if (!SAFE (in[i])) outlen++;
+
+ /* Now copy the string, but only up to len-1 bytes. */
+ for (i = 0, j = 0; in[i]; ++i) {
+ int is_safe = SAFE (in[i]);
+
+ /* Enough space left to write this character? */
+ if (j >= len-1 || (!is_safe && j >= len-2))
+ break;
+
+ if (!is_safe) out[j++] = '\\';
+ out[j++] = in[i];
+ }
+
+ out[j] = '\0';
+
+ return outlen;
+}