[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-31-g9ba0e2c

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Dec 4 11:41:54 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  9ba0e2c76c0c040e69e50ed9d89eadb3269052f9 (commit)
      from  67cd81ed90ad88cbe607b7f7d1a0b1e08b8ac1f1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9ba0e2c76c0c040e69e50ed9d89eadb3269052f9
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Nov 9 14:03:22 2017 +0900

    g10: Fix regexp sanitization.
    
    * g10/trustdb.c (sanitize_regexp): Only escape operators.
    
    --
    
    Backport from master commit:
    	ccf3ba92087e79abdeaa0208795829b431c6f201
    
    To sanitize a regular expression, quoting by backslash should be only
    done for defined characters.  POSIX defines 12 characters including
    dot and backslash.
    
    Quoting other characters is wrong, in two ways; It may build an
    operator like: \b, \s, \w when using GNU library.  Case ignored match
    doesn't work, because quoting lower letter means literally and no
    much to upper letter.
    
    GnuPG-bug-id: 2923
    Co-authored-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index c9c8891..bc90161 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1823,6 +1823,10 @@ clean_key(KBNODE keyblock,int noisy,int self_only,
 /* Returns a sanitized copy of the regexp (which might be "", but not
    NULL). */
 #ifndef DISABLE_REGEX
+/* Operator charactors except '.' and backslash.
+   See regex(7) on BSD.  */
+#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
+
 static char *
 sanitize_regexp(const char *old)
 {
@@ -1862,7 +1866,7 @@ sanitize_regexp(const char *old)
     {
       if(!escaped && old[start]=='\\')
 	escaped=1;
-      else if(!escaped && old[start]!='.')
+      else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
 	new[idx++]='\\';
       else
 	escaped=0;

-----------------------------------------------------------------------

Summary of changes:
 g10/trustdb.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list