g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators. -- Backport from master commit: ccf3ba92087e79abdeaa0208795829b431c6f201 To sanitize a regular expression, quoting by backslash should be done only for defined characters. POSIX defines 12 characters including dot and backslash. Quoting other characters is wrong in two ways: it may build an operator like \b, \s, \w when using the GNU library, and case-insensitive matching doesn't work, because a quoted lower-case letter is taken literally and does not match the upper-case letter. GnuPG-bug-id: 2923 Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
parent
2cdc378342
commit
9441946e18
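--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1817,6 +1817,11 @@ clean_key(KBNODE keyblock,int noisy,int self_only,
 
 /* Returns a sanitized copy of the regexp (which might be "", but not
 NULL). */
+#ifndef DISABLE_REGEX
+/* Operator charactors except '.' and backslash.
+See regex(7) on BSD. */
+#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
+
 static char *
 sanitize_regexp(const char *old)
 {
@@ -1856,7 +1861,7 @@ sanitize_regexp(const char *old)
 {
 if(!escaped && old[start]=='\\')
 escaped=1;
-else if(!escaped && old[start]!='.')
+else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
 new[idx++]='\\';
 else
 escaped=0;
@@ -1877,6 +1882,7 @@ sanitize_regexp(const char *old)
 
 return new;
 }
+#endif /*!DISABLE_REGEX*/
 
 /* Used by validate_one_keyblock to confirm a regexp within a trust
 signature. Returns 1 for match, and 0 for no match or regex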
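Review bot: The new `else if` in the second hunk only decides when the sanitizer adds a backslash; a backslash already present in `old` still sets `escaped=1`, and nothing in the visible lines checks the character that follows it. If the copy step outside this hunk emits that pair unchanged, a trust-signature regexp containing `\w` or `\b` would still reach a GNU regex library as an operator, which is the case the commit message sets out to exclude. Consider testing the escaped character against the same set, e.g. `else if (escaped && !strchr (REGEXP_OPERATOR_CHARS ".\\", old[start]))`, and dropping the backslash or rejecting the expression there. `strchr` also returns non-NULL when its second argument is `'\0'`, so the loop bound, which is outside the hunk, must keep `old[start]` off the terminator.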