From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from www.sonnenberger.org (www.sonnenberger.org [92.79.50.50]) by krisdoz.my.domain (8.14.3/8.14.3) with ESMTP id o9QICG6R006074 for ; Tue, 26 Oct 2010 14:12:18 -0400 (EDT) Received: from britannica.bec.de (www.sonnenberger.org [192.168.1.10]) by www.sonnenberger.org (Postfix) with ESMTP id AE92C667D0 for ; Tue, 26 Oct 2010 20:12:08 +0200 (CEST) Received: by britannica.bec.de (Postfix, from userid 1000) id B8514117EF7; Tue, 26 Oct 2010 20:12:52 +0200 (CEST) Date: Tue, 26 Oct 2010 20:12:52 +0200 From: Joerg Sonnenberger To: tech@mdocml.bsd.lv Subject: Re: implement .so Message-ID: <20101026181252.GA4964@britannica.bec.de> Mail-Followup-To: tech@mdocml.bsd.lv References: <20101024164945.GA25275@britannica.bec.de> <20101024172914.GH20876@iris.usta.de> <20101024173857.GA18657@britannica.bec.de> <20101024180019.GI20876@iris.usta.de> <20101024181502.GA13039@britannica.bec.de> <20101024194129.GJ20876@iris.usta.de> <20101024195135.GA1809@britannica.bec.de> <20101025215506.GA12557@iris.usta.de> <20101025221017.GA6533@britannica.bec.de> <20101026175913.GF27536@iris.usta.de> X-Mailinglist: mdocml-tech Reply-To: tech@mdocml.bsd.lv MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101026175913.GF27536@iris.usta.de> User-Agent: Mutt/1.5.20 (2009-06-14) On Tue, Oct 26, 2010 at 07:59:13PM +0200, Ingo Schwarze wrote: > So, here is a simplified patch (less than 50 new lines of code, > all very simple) relying on the current working directory. I would like to a see a warning for -T lint, but I am not sure how that could be implemented easily. > +roff_so(ROFF_ARGS) > +{ > + char *name; > + > + name = *bufp + pos; > + if ('/' == *name || strstr(name, "../") || strstr(name, "/..")) { > + (*r->msg)(MANDOCERR_SOPATH, r->data, ln, pos, NULL); > + return(ROFF_ERR); > + } Not sure I like the double use of strstr. What about searching for the rare ".." first? Joerg -- To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv