security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

g10: Fix regexp sanitization.

Browse Source 
* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

Backport from master commit:
	ccf3ba92087e79abdeaa0208795829b431c6f201

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2017-11-09 14:03:22 +09:00
parent 8a2917345b
commit 0d0b9eb0d4
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
g10/trustdb.c
View File

@ -1505,6 +1505,10 @@ store_validation_status (ctrl_t ctrl, int depth,
/* Returns a sanitized copy of the regexp (which might be "", but not /* Returns a sanitized copy of the regexp (which might be "", but not
NULL). */ NULL). */
#ifndef DISABLE_REGEX #ifndef DISABLE_REGEX
/* Operator charactors except '.' and backslash.
See regex(7) on BSD. */
#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
static char * static char *
sanitize_regexp(const char *old) sanitize_regexp(const char *old)
{ {
@ -1544,7 +1548,7 @@ sanitize_regexp(const char *old)
{ {
if(!escaped && old[start]=='\\') if(!escaped && old[start]=='\\')
escaped=1; escaped=1;
else if(!escaped && old[start]!='.') else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
new[idx++]='\\'; new[idx++]='\\';
else else
escaped=0; escaped=0;