* [PATCH] \N'nnn' protection.
@ 2011-04-30 22:37 Kristaps Dzonsons
2011-04-30 22:59 ` Ingo Schwarze
0 siblings, 1 reply; 3+ messages in thread
From: Kristaps Dzonsons @ 2011-04-30 22:37 UTC (permalink / raw)
To: tech, Jason McIntyre
[-- Attachment #1: Type: text/plain, Size: 479 bytes --]
Hi,
Enclosed is a patch to limit possible \N'nnn' escapes. \N transforms
the number 'nnn' into its character representation and is marked as "for
backwards compatibility" in mandoc_char(7).
I can only find manuals using this for the double-quote \N'34', so this
seems safe, but maybe one of you knows of crazy \N usage that would
inspire me to re-think. However, throwing, e.g., the \b character in
there will cause at least -Tps and -Tpdf to puke.
Thoughts?
Kristaps
[-- Attachment #2: patch.chars.txt --]
[-- Type: text/plain, Size: 734 bytes --]
Index: chars.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/chars.c,v
retrieving revision 1.39
diff -u -r1.39 chars.c
--- chars.c 30 Apr 2011 22:24:31 -0000 1.39
+++ chars.c 30 Apr 2011 22:31:11 -0000
@@ -20,6 +20,7 @@
#endif
#include <assert.h>
+#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -148,12 +149,10 @@
return('\0');
i = atoi(p);
- /*
- * FIXME:
- * This is wrong. Anything could be written here!
- * This should be carefully screened for possible characters.
- */
- return(i <= 0 || i > 255 ? '\0' : (char)i);
+ if (isalnum(i) || ispunct(i) || ' ' == (char)i)
+ return(i);
+
+ return('\0');
}
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] \N'nnn' protection.
2011-04-30 22:37 [PATCH] \N'nnn' protection Kristaps Dzonsons
@ 2011-04-30 22:59 ` Ingo Schwarze
2011-04-30 23:18 ` Kristaps Dzonsons
0 siblings, 1 reply; 3+ messages in thread
From: Ingo Schwarze @ 2011-04-30 22:59 UTC (permalink / raw)
To: tech; +Cc: Jason McIntyre
Hi Kristaps,
Kristaps Dzonsons wrote on Sun, May 01, 2011 at 12:37:27AM +0200:
> Enclosed is a patch to limit possible \N'nnn' escapes. \N
> transforms the number 'nnn' into its character representation and is
> marked as "for backwards compatibility" in mandoc_char(7).
>
> I can only find manuals using this for the double-quote \N'34', so
> this seems safe, but maybe one of you knows of crazy \N usage that
> would inspire me to re-think.
None known, and little wonder, as it would be a bad idea because it's
inherently non-portable even among systems supporting \N.
> However, throwing, e.g., the \b
> character in there will cause at least -Tps and -Tpdf to puke.
>
> Thoughts?
Maybe isprint(3)?
Yours,
Ingo
> Index: chars.c
> ===================================================================
> RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/chars.c,v
> retrieving revision 1.39
> diff -u -r1.39 chars.c
> --- chars.c 30 Apr 2011 22:24:31 -0000 1.39
> +++ chars.c 30 Apr 2011 22:31:11 -0000
> @@ -20,6 +20,7 @@
> #endif
>
> #include <assert.h>
> +#include <ctype.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> @@ -148,12 +149,10 @@
> return('\0');
>
> i = atoi(p);
> - /*
> - * FIXME:
> - * This is wrong. Anything could be written here!
> - * This should be carefully screened for possible characters.
> - */
> - return(i <= 0 || i > 255 ? '\0' : (char)i);
> + if (isalnum(i) || ispunct(i) || ' ' == (char)i)
> + return(i);
> +
> + return('\0');
> }
>
>
--
To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] \N'nnn' protection.
2011-04-30 22:59 ` Ingo Schwarze
@ 2011-04-30 23:18 ` Kristaps Dzonsons
0 siblings, 0 replies; 3+ messages in thread
From: Kristaps Dzonsons @ 2011-04-30 23:18 UTC (permalink / raw)
To: tech; +Cc: Ingo Schwarze, Jason McIntyre
>> Enclosed is a patch to limit possible \N'nnn' escapes. \N
>> transforms the number 'nnn' into its character representation and is
>> marked as "for backwards compatibility" in mandoc_char(7).
>>
>> I can only find manuals using this for the double-quote \N'34', so
>> this seems safe, but maybe one of you knows of crazy \N usage that
>> would inspire me to re-think.
>
> None known, and little wonder, as it would be a bad idea because it's
> inherently non-portable even among systems supporting \N.
>
>> However, throwing, e.g., the \b
>> character in there will cause at least -Tps and -Tpdf to puke.
>>
>> Thoughts?
>
> Maybe isprint(3)?
Ingo,
That'll do it. I wasn't sure if "printable characters including the
space" meant "including whitespace", i.e., newlines. However, I checked
on BSD, Linux, and Mac, and it seems that this is not the case.
Thus, I'll check in isprint() tomorrow.
Thanks!
Kristaps
--
To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-04-30 23:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-04-30 22:37 [PATCH] \N'nnn' protection Kristaps Dzonsons
2011-04-30 22:59 ` Ingo Schwarze
2011-04-30 23:18 ` Kristaps Dzonsons
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).