$OpenBSD: patch-zio_c,v 1.1 2005/03/06 01:31:11 naddy Exp $
--- zio.c.orig	Sat Mar  5 21:32:19 2005
+++ zio.c	Sat Mar  5 21:41:06 2005
@@ -210,9 +210,30 @@ ZFILE *zopen(name)
     if ((strlen(name) > strlen(filter->extension)) &&
 	!strcmp(filter->extension,
 		name + (strlen(name) - strlen(filter->extension)))) {
+      char *fname, *t, *s;
+
+      /* meta-char protection
+       *
+       * protect in single quotes, replacing single quotes
+       * with '\'', so worst-case expansion is 4x
+       */
+
+      s = fname = (char *)lmalloc(1 + (4 * strlen(name)) + 1 + 1);
+      *s++ = '\'';
+      for (t = name; *t; t++) {
+	if (*t == '\'') {
+	  /* 'foo'bar' -> 'foo'\''bar' */
+	  *s++ = '\''; *s++ = '\\'; *s++ = '\''; *s++ = '\'';
+	}
+	else {
+	  *s++ = *t;
+	}
+      }
+      *s++ = '\'';
+      *s++ = '\0';
       debug(("Filtering image through '%s'\n", filter->filter));
       zf->type= ZPIPE;
-      sprintf(buf, "%s %s", filter->filter, name);
+      sprintf(buf, "%s %s", filter->filter, fname);
       if (! (zf->stream= popen(buf, "r"))) {
 	lfree((byte *)zf->filename);
 	zf->filename= NULL;
