mirror of git://git.gnupg.org/gnupg.git
g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators.
--
Backport from master commit:
ccf3ba9208
To sanitize a regular expression, quoting by backslash should be only
done for defined characters. POSIX defines 12 characters including
dot and backslash.
Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library. Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.
GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
67cd81ed90
commit
9ba0e2c76c
|
@ -1823,6 +1823,10 @@ clean_key(KBNODE keyblock,int noisy,int self_only,
|
|||
/* Returns a sanitized copy of the regexp (which might be "", but not
|
||||
NULL). */
|
||||
#ifndef DISABLE_REGEX
|
||||
/* Operator charactors except '.' and backslash.
|
||||
See regex(7) on BSD. */
|
||||
#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
|
||||
|
||||
static char *
|
||||
sanitize_regexp(const char *old)
|
||||
{
|
||||
|
@ -1862,7 +1866,7 @@ sanitize_regexp(const char *old)
|
|||
{
|
||||
if(!escaped && old[start]=='\\')
|
||||
escaped=1;
|
||||
else if(!escaped && old[start]!='.')
|
||||
else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
|
||||
new[idx++]='\\';
|
||||
else
|
||||
escaped=0;
|
||||
|
|
Loading…
Reference in New Issue