From 0930a98bb22ea65f3c6e9debdf56da70f485800d Mon Sep 17 00:00:00 2001
From: Martti T
Date: Sun, 12 Apr 2020 19:55:25 +0300
Subject: [PATCH] escape stty cmd before executing it (#54)
* escape stty cmd before executing it
---
 CHANGELOG.md | 5 ++++-
 src/Network/SerialStreamCreator.php | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e99aba..0c98e9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,8 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
+## [2.0.1] - 2020-04-12
+### Security
+
+* Escape stty command for SerialStreamCreator to avoid unescaped arguments (#54)
 ## [2.0.0] - 2020-04-07
diff --git a/src/Network/SerialStreamCreator.php b/src/Network/SerialStreamCreator.php
index ad4498f..249c673 100644
--- a/src/Network/SerialStreamCreator.php
+++ b/src/Network/SerialStreamCreator.php
@@ -55,7 +55,8 @@ public function createStream(BinaryStreamConnection $conn)
 $device = $conn->getUri();
 $sttyModes = implode(' ', $this->sttyModes);
- $sttyResult = exec("stty -F ${device} ${sttyModes}");
+ $cmd = escapeshellcmd("stty -F ${device} ${sttyModes}");
+ $sttyResult = exec($cmd);
 if ($sttyResult === false) {
 throw new IOException('stty failed to configure device');
 }
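Review bot: `escapeshellcmd()` applied to the finished command string in the `SerialStreamCreator.php` hunk neutralises shell metacharacters but not whitespace, so a `$device` or mode value containing spaces is still split into extra `stty` options or operands. Quoting each argument separately closes that gap: `$sttyModes = implode(' ', array_map('escapeshellarg', $this->sttyModes));` and `$sttyResult = exec('stty -F ' . escapeshellarg($device) . ' ' . $sttyModes, $output, $exitCode);`, assuming every entry of `$this->sttyModes` is a single stty argument (worth confirming, since the property is defined outside the hunk). The `$sttyResult === false` test that follows does not catch a non-zero exit from `stty`, so `if ($exitCode !== 0)` would be the more reliable failure check. `createStream()` starts before and continues past the lines shown.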