[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.3-8-g0d0b9eb

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Dec 4 11:42:18 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  0d0b9eb0d4f99e8d293a4ce4b90921a879905115 (commit)
      from  8a2917345ba88159bce6153b54706e701564f189 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Nov 9 14:03:22 2017 +0900

    g10: Fix regexp sanitization.
    
    * g10/trustdb.c (sanitize_regexp): Only escape operators.
    
    --
    
    Backport from master commit:
    	ccf3ba92087e79abdeaa0208795829b431c6f201
    
    To sanitize a regular expression, quoting by backslash should be only
    done for defined characters.  POSIX defines 12 characters including
    dot and backslash.
    
    Quoting other characters is wrong, in two ways; It may build an
    operator like: \b, \s, \w when using GNU library.  Case ignored match
    doesn't work, because quoting lower letter means literally and no
    much to upper letter.
    
    GnuPG-bug-id: 2923
    Co-authored-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 92c1ca5..0a98c12 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1505,6 +1505,10 @@ store_validation_status (ctrl_t ctrl, int depth,
 /* Returns a sanitized copy of the regexp (which might be "", but not
    NULL). */
 #ifndef DISABLE_REGEX
+/* Operator charactors except '.' and backslash.
+   See regex(7) on BSD.  */
+#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
+
 static char *
 sanitize_regexp(const char *old)
 {
@@ -1544,7 +1548,7 @@ sanitize_regexp(const char *old)
     {
       if(!escaped && old[start]=='\\')
 	escaped=1;
-      else if(!escaped && old[start]!='.')
+      else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
 	new[idx++]='\\';
       else
 	escaped=0;

-----------------------------------------------------------------------

Summary of changes:
 g10/trustdb.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list