From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from scc-mailout.scc.kit.edu (scc-mailout.scc.kit.edu [129.13.185.201])
	by krisdoz.my.domain (8.14.3/8.14.3) with ESMTP id p3UMxYJo006059
	for <tech@mdocml.bsd.lv>; Sat, 30 Apr 2011 18:59:35 -0400 (EDT)
Received: from hekate.usta.de (asta-nat.asta.uni-karlsruhe.de [172.22.63.82])
	by scc-mailout-01.scc.kit.edu with esmtp (Exim 4.72 #1)
	id 1QGJ8O-0004H3-RY; Sun, 01 May 2011 00:59:32 +0200
Received: from donnerwolke.usta.de ([172.24.96.3])
	by hekate.usta.de with esmtp (Exim 4.72)
	(envelope-from <schwarze@usta.de>)
	id 1QGJ8O-0006u8-Ve; Sun, 01 May 2011 00:59:32 +0200
Received: from iris.usta.de ([172.24.96.5] helo=usta.de)
	by donnerwolke.usta.de with esmtp (Exim 4.69)
	(envelope-from <schwarze@usta.de>)
	id 1QGJ8O-0006XT-TJ; Sun, 01 May 2011 00:59:32 +0200
Received: from schwarze by usta.de with local (Exim 4.72)
	(envelope-from <schwarze@usta.de>)
	id 1QGJ8O-0005py-SN; Sun, 01 May 2011 00:59:32 +0200
Date: Sun, 1 May 2011 00:59:32 +0200
From: Ingo Schwarze <schwarze@usta.de>
To: tech@mdocml.bsd.lv
Cc: Jason McIntyre <jmc@cava.myzen.co.uk>
Subject: Re: [PATCH] \N'nnn' protection.
Message-ID: <20110430225932.GB9889@iris.usta.de>
References: <4DBC8F27.3040600@bsd.lv>
X-Mailinglist: mdocml-tech
Reply-To: tech@mdocml.bsd.lv
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4DBC8F27.3040600@bsd.lv>
User-Agent: Mutt/1.5.21 (2010-09-15)

Hi Kristaps,

Kristaps Dzonsons wrote on Sun, May 01, 2011 at 12:37:27AM +0200:

> Enclosed is a patch to limit possible \N'nnn' escapes.  \N
> transforms the number 'nnn' into its character representation and is
> marked as "for backwards compatibility" in mandoc_char(7).
> 
> I can only find manuals using this for the double-quote \N'34', so
> this seems safe, but maybe one of you knows of crazy \N usage that
> would inspire me to re-think.

None known, and little wonder, as it would be a bad idea because it's
inherently non-portable even among systems supporting \N.

> However, throwing, e.g., the \b
> character in there will cause at least -Tps and -Tpdf to puke.
> 
> Thoughts?

Maybe isprint(3)?

Yours,
  Ingo

> Index: chars.c
> ===================================================================
> RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/chars.c,v
> retrieving revision 1.39
> diff -u -r1.39 chars.c
> --- chars.c	30 Apr 2011 22:24:31 -0000	1.39
> +++ chars.c	30 Apr 2011 22:31:11 -0000
> @@ -20,6 +20,7 @@
>  #endif
>  
>  #include <assert.h>
> +#include <ctype.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> @@ -148,12 +149,10 @@
>  		return('\0');
>  
>  	i = atoi(p);
> -	/* 
> -	 * FIXME:
> -	 * This is wrong.  Anything could be written here!
> -	 * This should be carefully screened for possible characters.
> -	 */
> -	return(i <= 0 || i > 255 ? '\0' : (char)i);
> +	if (isalnum(i) || ispunct(i) || ' ' == (char)i)
> +		return(i);
> +
> +	return('\0');
>  }
>  
>  

--
 To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv