g10: Fix regexp sanitization.

* g10/trustdb.c (sanitize_regexp): Only escape operators. -- Backport from master commit: ccf3ba9208 To sanitize a regular expression, quoting by backslash should be only done for defined characters. POSIX defines 12 characters including dot and backslash. Quoting other characters is wrong, in two ways; It may build an operator like: \b, \s, \w when using GNU library. Case ignored match doesn't work, because quoting lower letter means literally and no much to upper letter. GnuPG-bug-id: 2923 Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-09 14:03:22 +09:00 · 2017-11-09 14:03:22 +09:00 · 9441946e18
parent 2cdc378342
commit 9441946e18
1 changed files with 7 additions and 1 deletions
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -1817,6 +1817,11 @@ clean_key(KBNODE keyblock,int noisy,int self_only,

 /* Returns a sanitized copy of the regexp (which might be "", but not
   NULL). */
+#ifndef DISABLE_REGEX
+/* Operator charactors except '.' and backslash.
+   See regex(7) on BSD.  */
+#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
+
 static char *
 sanitize_regexp(const char *old)
 {
@ -1856,7 +1861,7 @@ sanitize_regexp(const char *old)
    {
      if(!escaped && old[start]=='\\')
 	escaped=1;
-      else if(!escaped && old[start]!='.')
+      else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
 	new[idx++]='\\';
      else
 	escaped=0;
@ -1877,6 +1882,7 @@ sanitize_regexp(const char *old)

  return new;
 }
+#endif /*!DISABLE_REGEX*/

 /* Used by validate_one_keyblock to confirm a regexp within a trust
   signature.  Returns 1 for match, and 0 for no match or regex