[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.22-11-g9441946

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Dec 4 11:42:07 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  9441946e1824eb58249c58432ed1f554d0d8a102 (commit)
      from  2cdc37834261142504de5ea9f8aff51428b423f3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9441946e1824eb58249c58432ed1f554d0d8a102
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Nov 9 14:03:22 2017 +0900

    g10: Fix regexp sanitization.
    
    * g10/trustdb.c (sanitize_regexp): Only escape operators.
    
    --
    
    Backport from master commit:
    	ccf3ba92087e79abdeaa0208795829b431c6f201
    
    To sanitize a regular expression, quoting by backslash should be only
    done for defined characters.  POSIX defines 12 characters including
    dot and backslash.
    
    Quoting other characters is wrong, in two ways; It may build an
    operator like: \b, \s, \w when using GNU library.  Case ignored match
    doesn't work, because quoting lower letter means literally and no
    much to upper letter.
    
    GnuPG-bug-id: 2923
    Co-authored-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1e3ef5f..13fa321 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1817,6 +1817,11 @@ clean_key(KBNODE keyblock,int noisy,int self_only,
 
 /* Returns a sanitized copy of the regexp (which might be "", but not
    NULL). */
+#ifndef DISABLE_REGEX
+/* Operator charactors except '.' and backslash.
+   See regex(7) on BSD.  */
+#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
+
 static char *
 sanitize_regexp(const char *old)
 {
@@ -1856,7 +1861,7 @@ sanitize_regexp(const char *old)
     {
       if(!escaped && old[start]=='\\')
 	escaped=1;
-      else if(!escaped && old[start]!='.')
+      else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
 	new[idx++]='\\';
       else
 	escaped=0;
@@ -1877,6 +1882,7 @@ sanitize_regexp(const char *old)
 
   return new;
 }
+#endif /*!DISABLE_REGEX*/
 
 /* Used by validate_one_keyblock to confirm a regexp within a trust
    signature.  Returns 1 for match, and 0 for no match or regex

-----------------------------------------------------------------------

Summary of changes:
 g10/trustdb.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list