[PATCH] \N'nnn' protection.

tech@mandoc.bsd.lv
 help / color / mirror / Atom feed

* [PATCH] \N'nnn' protection.
@ 2011-04-30 22:37 Kristaps Dzonsons
  2011-04-30 22:59 ` Ingo Schwarze
  0 siblings, 1 reply; 3+ messages in thread
From: Kristaps Dzonsons @ 2011-04-30 22:37 UTC (permalink / raw)
  To: tech, Jason McIntyre

[-- Attachment #1: Type: text/plain, Size: 479 bytes --]

Hi,

Enclosed is a patch to limit possible \N'nnn' escapes.  \N transforms 
the number 'nnn' into its character representation and is marked as "for 
backwards compatibility" in mandoc_char(7).

I can only find manuals using this for the double-quote \N'34', so this 
seems safe, but maybe one of you knows of crazy \N usage that would 
inspire me to re-think.  However, throwing, e.g., the \b character in 
there will cause at least -Tps and -Tpdf to puke.

Thoughts?

Kristaps

[-- Attachment #2: patch.chars.txt --]
[-- Type: text/plain, Size: 734 bytes --]

Index: chars.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/chars.c,v
retrieving revision 1.39
diff -u -r1.39 chars.c
--- chars.c	30 Apr 2011 22:24:31 -0000	1.39
+++ chars.c	30 Apr 2011 22:31:11 -0000
@@ -20,6 +20,7 @@
 #endif
 
 #include <assert.h>
+#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -148,12 +149,10 @@
 		return('\0');
 
 	i = atoi(p);
-	/* 
-	 * FIXME:
-	 * This is wrong.  Anything could be written here!
-	 * This should be carefully screened for possible characters.
-	 */
-	return(i <= 0 || i > 255 ? '\0' : (char)i);
+	if (isalnum(i) || ispunct(i) || ' ' == (char)i)
+		return(i);
+
+	return('\0');
 }
 
 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] \N'nnn' protection.
  2011-04-30 22:37 [PATCH] \N'nnn' protection Kristaps Dzonsons
@ 2011-04-30 22:59 ` Ingo Schwarze
  2011-04-30 23:18   ` Kristaps Dzonsons
  0 siblings, 1 reply; 3+ messages in thread
From: Ingo Schwarze @ 2011-04-30 22:59 UTC (permalink / raw)
  To: tech; +Cc: Jason McIntyre

Hi Kristaps,

Kristaps Dzonsons wrote on Sun, May 01, 2011 at 12:37:27AM +0200:

> Enclosed is a patch to limit possible \N'nnn' escapes.  \N
> transforms the number 'nnn' into its character representation and is
> marked as "for backwards compatibility" in mandoc_char(7).
> 
> I can only find manuals using this for the double-quote \N'34', so
> this seems safe, but maybe one of you knows of crazy \N usage that
> would inspire me to re-think.

None known, and little wonder, as it would be a bad idea because it's
inherently non-portable even among systems supporting \N.

> However, throwing, e.g., the \b
> character in there will cause at least -Tps and -Tpdf to puke.
> 
> Thoughts?

Maybe isprint(3)?

Yours,
  Ingo

> Index: chars.c
> ===================================================================
> RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/chars.c,v
> retrieving revision 1.39
> diff -u -r1.39 chars.c
> --- chars.c	30 Apr 2011 22:24:31 -0000	1.39
> +++ chars.c	30 Apr 2011 22:31:11 -0000
> @@ -20,6 +20,7 @@
>  #endif
>  
>  #include <assert.h>
> +#include <ctype.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> @@ -148,12 +149,10 @@
>  		return('\0');
>  
>  	i = atoi(p);
> -	/* 
> -	 * FIXME:
> -	 * This is wrong.  Anything could be written here!
> -	 * This should be carefully screened for possible characters.
> -	 */
> -	return(i <= 0 || i > 255 ? '\0' : (char)i);
> +	if (isalnum(i) || ispunct(i) || ' ' == (char)i)
> +		return(i);
> +
> +	return('\0');
>  }
>  
>  

--
 To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] \N'nnn' protection.
  2011-04-30 22:59 ` Ingo Schwarze
@ 2011-04-30 23:18   ` Kristaps Dzonsons
  0 siblings, 0 replies; 3+ messages in thread
From: Kristaps Dzonsons @ 2011-04-30 23:18 UTC (permalink / raw)
  To: tech; +Cc: Ingo Schwarze, Jason McIntyre

>> Enclosed is a patch to limit possible \N'nnn' escapes.  \N
>> transforms the number 'nnn' into its character representation and is
>> marked as "for backwards compatibility" in mandoc_char(7).
>>
>> I can only find manuals using this for the double-quote \N'34', so
>> this seems safe, but maybe one of you knows of crazy \N usage that
>> would inspire me to re-think.
>
> None known, and little wonder, as it would be a bad idea because it's
> inherently non-portable even among systems supporting \N.
>
>> However, throwing, e.g., the \b
>> character in there will cause at least -Tps and -Tpdf to puke.
>>
>> Thoughts?
>
> Maybe isprint(3)?

Ingo,

That'll do it.  I wasn't sure if "printable characters including the 
space" meant "including whitespace", i.e., newlines.  However, I checked 
on BSD, Linux, and Mac, and it seems that this is not the case.

Thus, I'll check in isprint() tomorrow.

Thanks!

Kristaps
--
 To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-04-30 23:19 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-04-30 22:37 [PATCH] \N'nnn' protection Kristaps Dzonsons
2011-04-30 22:59 ` Ingo Schwarze
2011-04-30 23:18   ` Kristaps Dzonsons

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).