Source-Changes-HG archive


[src/trunk]: src/bin/sh When processing character classes ([:xxx:] inside [])...



details:   https://anonhg.NetBSD.org/src/rev/b0e37d901cf9
branches:  trunk
changeset: 362717:b0e37d901cf9
user:      kre <kre%NetBSD.org@localhost>
date:      Fri Jun 22 18:19:41 2018 +0000

description:
When processing character classes ([:xxx:] inside []), treat a class name
that is longer than we can handle the same way we treat an unknown
class name (as a valid char class which contains nothing, so never
matches).   Previously a "too long" class name invalidated the
class, so [:very-long-name:] would match any of  '[' ':' 'v'  ...
(note: "very-long-name" is not long enough to trigger this, but you
get the idea!)

However, the name itself has a restricted syntax ([[:***:]] is not a
character class, it is a match for one of a '[' ':' or '*', followed by
a ']') which we did not implement - check the syntax of the name before
treating it as a character class (but we do add '_' to alphanumerics
as legal class name characters).

diffstat:

 bin/sh/expand.c |  19 +++++++++++++------
 1 files changed, 13 insertions(+), 6 deletions(-)

diffs (50 lines):

diff -r f2ffe27202ad -r b0e37d901cf9 bin/sh/expand.c
--- a/bin/sh/expand.c   Fri Jun 22 17:31:24 2018 +0000
+++ b/bin/sh/expand.c   Fri Jun 22 18:19:41 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: expand.c,v 1.122 2018/06/22 17:22:34 kre Exp $ */
+/*     $NetBSD: expand.c,v 1.123 2018/06/22 18:19:41 kre Exp $ */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)expand.c   8.5 (Berkeley) 5/15/95";
 #else
-__RCSID("$NetBSD: expand.c,v 1.122 2018/06/22 17:22:34 kre Exp $");
+__RCSID("$NetBSD: expand.c,v 1.123 2018/06/22 18:19:41 kre Exp $");
 #endif
 #endif /* not lint */
 
@@ -1659,12 +1659,20 @@
        *end = NULL;
        p++;
        nameend = strstr(p, ":]");
-       if (nameend == NULL || (size_t)(nameend - p) >= sizeof(name) ||
-           nameend == p)
+       if (nameend == NULL || nameend == p)    /* not a valid class */
                return 0;
+
+       if (!is_alpha(*p) || strspn(p,          /* '_' is a local extension */
+           "0123456789"  "_"
+           "abcdefghijklmnopqrstuvwxyz"
+           "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != (size_t)(nameend - p))
+               return 0;
+
+       *end = nameend + 2;             /* committed to it being a char class */
+       if ((size_t)(nameend - p) >= sizeof(name))      /* but too long */
+               return 0;                               /* so no match */
        memcpy(name, p, nameend - p);
        name[nameend - p] = '\0';
-       *end = nameend + 2;
        cclass = wctype(name);
        /* An unknown class matches nothing but is valid nevertheless. */
        if (cclass == 0)
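Review bot: The `return 0` paths in this hunk now carry two different meanings, and only the `*end` side effect tells them apart. The returns before `*end = nameend + 2;` mean "not a character class" (with `*end` still NULL), while the new "too long" return after it means "valid class that matches nothing". A caller that looked only at the return value would treat both alike, so this contract deserves a sentence in the function's header comment, and the `/* not a valid class */` comment could be repeated on the return that follows the `strspn` check. That check also requires the first character to pass `is_alpha`, which the inline comment about '_' does not mention; it would help to say there that a name may contain digits and '_' but must start with a letter. The diffstat shows only bin/sh/expand.c changing, so a regression test covering `[[:***:]]` and an over-long class name would be worth adding to pin both behaviours.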
@@ -1673,7 +1681,6 @@
 }
 
 
-
 /*
  * Returns true if the pattern matches the string.
  */


