0

I am working on a simple application which should encrypt a string given by the command line and then write it to the registry. Unfortunately I am having trouble if the password contains special characters like " & < > | .So for example:

Encrypt.exe /Password:Password /reg       --> works fine
Encrypt.exe /Password:Password"&<>| /reg  --> the password variable contains: Password&<>| /reg which is wrong
Encrypt.exe /Password:Password&<>|        --> this outputs: "> was unexpected at this time." but no idea where this text is coming from
Encrypt.exe /Password:"Password&<>|"      --> this works, but note that the password can't contains a " char and the encrypted/decrypted string will contain a " at the beginning and at the end

So my question is, how do I pass the string Password&<>| correctly to my application?

double-beep
  • 5,031
  • 17
  • 33
  • 41
kampi
  • 2,362
  • 12
  • 52
  • 91
  • Not really a C++ question. Rather a Powershell or CMD.exe question. – Botje Feb 01 '19 at 12:23
  • 2
    Use double quotes around the argument and backslash the double quotes in the password : `"Password\"&<>|"` ->`Password"&<>|` – Tezirg Feb 01 '19 at 12:23
  • @Tezirg: yes that would work, but the point is, that I don't know the password. The user has to enter it. – kampi Feb 01 '19 at 12:35
  • Note, for CMD, the escaping rules are subtly different for commands typed on the command line, versus commands executed from within a `*.BAT` or `*.CMD` script. (Not sure if that is relevant in this scenario.) – Eljay Feb 01 '19 at 12:36
  • Assuming this is VC++, then double quotes are used to ignore white space when parsing the command line as the `argv` array. In this case the double quotes will not be present in the corresponding `argv` element, i.e. `argv[1]` will be `/Password:Password&<>|`. A literal quote is included by escaping it with backslash. These are the only rules you have to document. – Eryk Sun Feb 01 '19 at 12:49
  • It happens that for the CMD shell, double quotes also escape most special characters -- except for percent (%), which isn't really possible to escape in a CMD command line, only in batch scripts by doubling it (%%). But PowerShell is different. bash is different. Running your program directly via `CreateProcess` is different. You don't have to worry about any of this. It's not your problem how the user chooses to run your program. – Eryk Sun Feb 01 '19 at 12:51
  • @eryksun: the problem is, that is the user enters his/her password, and if the password contains a `"` then it will throw an error as described above – kampi Feb 01 '19 at 12:55
  • @eryksun: so should I just check if the password contains a `"` and if yes then escape it with a `\`? – kampi Feb 01 '19 at 13:00
  • These are the [parsing rules](https://learn.microsoft.com/en-us/cpp/cpp/parsing-cpp-command-line-arguments?view=vs-2017) for VC++ `argv` and `CommandLineToArgvW`. Either you document that a literal quote has to be escaped, or you forget about all of this and do your own parsing from the unprocessed command line from `GetCommandLineW`. – Eryk Sun Feb 01 '19 at 13:00
  • Did you try `"/Password:%PASSWORD%"`, where the `PASSWORD` environment variable contains the password entered by the user? – David R Tribble Feb 01 '19 at 17:34
  • @DavidRTribble: Thank you! That worked! If you post it as an answear I could accept it. – kampi Feb 08 '19 at 22:41

1 Answers1

4

To escape certain characters in a .bat file: 

&   use  ^&
<   use  ^<
>   use  ^>
|   use  ^|
"   use  ""

For reference: https://www.robvanderwoude.com/escapechars.php

user2066337
  • 98
  • 8