diff -r a94cf2e94492 -r 38bf6dd8f4e7 src/server/util/util.c
--- a/src/server/util/util.c	Sun Oct 23 11:12:12 2016 +0200
+++ b/src/server/util/util.c	Wed Oct 26 15:53:56 2016 +0200
@@ -149,10 +149,11 @@
 
 NSAPI_PUBLIC char *util_env_str(const char *name, const char *value) {
     char *t;
+    
+    size_t len = strlen(name) + strlen(value) + 2;
+    t = (char *) MALLOC(len); /* 2: '=' and '\0' */
 
-    t = (char *) MALLOC(strlen(name)+strlen(value)+2); /* 2: '=' and '\0' */
-
-    sprintf(t, "%s=%s", name, value);
+    snprintf(t, len, "%s=%s", name, value);
 
     return t;
 }
@@ -182,6 +183,24 @@
 }
 
 
+/* ---------------------------- util_sh_escape ---------------------------- */
+
+
+NSAPI_PUBLIC char *util_sh_escape(char *s)
+{
+    char *ns = (char *) MALLOC(strlen(s) * 2 + 1);   /* worst case */
+    register char *t, *u;
+
+    for(t = s, u = ns; *t; ++t, ++u) {
+        if(strchr("&;`'\"|*?~<>^()[]{}$\\ #!", *t))
+            *u++ = '\\';
+        *u = *t;
+    }
+    *u = '\0';
+    return ns;
+}
+
+
 /* ---------------------------- util_env_find ----------------------------- */