[git] GnuPG - branch, master, updated. gnupg-2.2.1-74-gccf3ba9

by NIIBE Yutaka cvs at cvs.gnupg.org
Thu Nov 9 07:38:54 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ccf3ba92087e79abdeaa0208795829b431c6f201 (commit)
      from  68284e1509490a68adcc6019a5bf8fb3674d3807 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ccf3ba92087e79abdeaa0208795829b431c6f201
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Nov 9 14:03:22 2017 +0900

    g10: Fix regexp sanitization.
    
    * g10/trustdb.c (sanitize_regexp): Only escape operators.
    
    --
    
    To sanitize a regular expression, quoting by backslash should be only
    done for defined characters.  POSIX defines 12 characters including
    dot and backslash.
    
    Quoting other characters is wrong, in two ways: it may build an
    operator like \b, \s, \w when using the GNU library.  Case-ignored match
    doesn't work, because quoting a lower letter means literally and no
    match to upper letter.
    
    GnuPG-bug-id: 2923
    Co-authored-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 92c1ca5..0a98c12 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1505,6 +1505,10 @@ store_validation_status (ctrl_t ctrl, int depth,
 /* Returns a sanitized copy of the regexp (which might be "", but not
    NULL). */
 #ifndef DISABLE_REGEX
+/* Operator charactors except '.' and backslash.
+   See regex(7) on BSD.  */
+#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
+
 static char *
 sanitize_regexp(const char *old)
 {
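Review bot: the comment added above REGEXP_OPERATOR_CHARS misspells "characters" as "charactors", and it does not say why '.' and backslash are left out of the set. The commit message counts 12 POSIX special characters including dot and backslash, and the macro lists the other ten, so a short remark that those two are handled separately by the loop in sanitize_regexp would make the count easy to verify. It would also help to note that the closing ']' , ')' and '}' need no entry of their own when the opening character is already escaped, since ')' is listed but ']' and '}' are not.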
@@ -1544,7 +1548,7 @@ sanitize_regexp(const char *old)
     {
       if(!escaped && old[start]=='\\')
 	escaped=1;
-      else if(!escaped && old[start]!='.')
+      else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
 	new[idx++]='\\';
       else
 	escaped=0;
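Review bot: the new condition strchr (REGEXP_OPERATOR_CHARS, old[start]) is also true when old[start] is the NUL byte, because strchr matches the string terminator and returns a non-NULL pointer to it. The loop bounds are not visible in this hunk, so if the index can ever reach a zero byte the code would emit a backslash for it; adding old[start] && in front of the strchr call makes the test safe regardless of how the loop is bounded. Separately, the changed line uses "if (" with a space while the neighbouring "if(!escaped" does not, so the spacing within this block is now inconsistent. The commit message names \b, \s and \w as the GNU operators the old code could create, so it is worth confirming that a backslash followed by a letter that is already present in the input is handled as intended, since the escaped=1 path passes the following character through unchanged.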

-----------------------------------------------------------------------

Summary of changes:
 g10/trustdb.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



