Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/bin/sh When processing character classes ([:xxx:] inside [])...
details: https://anonhg.NetBSD.org/src/rev/87fbab491bb9
branches: trunk
changeset: 323605:87fbab491bb9
user: kre <kre%NetBSD.org@localhost>
date: Fri Jun 22 18:19:41 2018 +0000
description:
When processing character classes ([:xxx:] inside []), treat a class name
that is longer than we can handle the same way we treat an unknown
class name (as a valid char class which contains nothing, so never
matches). Previously a "too long" class name invalidated the
class, so [:very-long-name:] would match any of '[' ':' 'v' ...
(note: "very-long-name" is not long enough to trigger this, but you
get the idea!)
However, the name itself has a restricted syntax ([[:***:]] is not a
character class, it is a match for one of a '[' ':' or '*', followed by
a ']') which we did not implement - check the syntax of the name before
treating it as a character class (but we do add '_' to alphanumerics
as legal class name characters).
diffstat:
bin/sh/expand.c | 19 +++++++++++++------
1 files changed, 13 insertions(+), 6 deletions(-)
diffs (50 lines):
diff -r 2dd788812442 -r 87fbab491bb9 bin/sh/expand.c
--- a/bin/sh/expand.c Fri Jun 22 17:31:24 2018 +0000
+++ b/bin/sh/expand.c Fri Jun 22 18:19:41 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: expand.c,v 1.122 2018/06/22 17:22:34 kre Exp $ */
+/* $NetBSD: expand.c,v 1.123 2018/06/22 18:19:41 kre Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)expand.c 8.5 (Berkeley) 5/15/95";
#else
-__RCSID("$NetBSD: expand.c,v 1.122 2018/06/22 17:22:34 kre Exp $");
+__RCSID("$NetBSD: expand.c,v 1.123 2018/06/22 18:19:41 kre Exp $");
#endif
#endif /* not lint */
@@ -1659,12 +1659,20 @@
*end = NULL;
p++;
nameend = strstr(p, ":]");
- if (nameend == NULL || (size_t)(nameend - p) >= sizeof(name) ||
- nameend == p)
+ if (nameend == NULL || nameend == p) /* not a valid class */
return 0;
+
+ if (!is_alpha(*p) || strspn(p, /* '_' is a local extension */
+ "0123456789" "_"
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != (size_t)(nameend - p))
+ return 0;
+
+ *end = nameend + 2; /* committed to it being a char class */
+ if ((size_t)(nameend - p) >= sizeof(name)) /* but too long */
+ return 0; /* so no match */
memcpy(name, p, nameend - p);
name[nameend - p] = '\0';
- *end = nameend + 2;
cclass = wctype(name);
/* An unknown class matches nothing but is valid nevertheless. */
if (cclass == 0)
@@ -1673,7 +1681,6 @@
}
-
/*
* Returns true if the pattern matches the string.
*/
Home |
Main Index |
Thread Index |
Old Index