v2 adjusts qchars to skip the backslash.
---8<---
Naked backslashes in patterns may incorrectly unquote subsequent
wild characters that are themselves quoted. Fix this by adding
an extra backslash when necessary.
Test case:
a="\\*bc"; b="\\"; c="*"; echo "<${a##$b"$c"}>"
Old result:
<>
New result:
<bc>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
src/expand.c | 10 ++++++++--
src/mystring.c | 1 +
src/mystring.h | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/expand.c b/src/expand.c
index 2ed02d6..0db2b29 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -1658,6 +1658,7 @@ _rmescapes(char *str, int flag)
char *p, *q, *r;
int notescaped;
int globbing;
+ int inquotes;
p = strpbrk(str, cqchars);
if (!p) {
@@ -1692,16 +1693,17 @@ _rmescapes(char *str, int flag)
q = mempcpy(q, str, len);
}
}
+ inquotes = 0;
notescaped = globbing;
while (*p) {
if (*p == (char)CTLQUOTEMARK) {
p++;
- notescaped = globbing;
+ inquotes ^= globbing;
continue;
}
if (*p == '\\') {
/* naked back slash */
- notescaped = 0;
+ notescaped ^= globbing;
goto copy;
}
if (FNMATCH_IS_ENABLED && *p == '^')
@@ -1711,6 +1713,10 @@ _rmescapes(char *str, int flag)
add_escape:
if (notescaped)
*q++ = '\\';
+ else if (inquotes) {
+ *q++ = '\\';
+ *q++ = '\\';
+ }
}
notescaped = globbing;
copy:
diff --git a/src/mystring.c b/src/mystring.c
index f651521..5eace6c 100644
--- a/src/mystring.c
+++ b/src/mystring.c
@@ -63,6 +63,7 @@ const char snlfmt[] = "%s\n";
const char dolatstr[] = { CTLQUOTEMARK, CTLVAR, VSNORMAL | VSBIT, '@', '=',
CTLQUOTEMARK, '\0' };
const char cqchars[] = {
+ '\\',
#ifdef HAVE_FNMATCH
'^',
#endif
diff --git a/src/mystring.h b/src/mystring.h
index 564b911..d0ec9dd 100644
--- a/src/mystring.h
+++ b/src/mystring.h
@@ -48,7 +48,7 @@ extern const char spcstr[];
extern const char dolatstr[];
#define DOLATSTRLEN 6
extern const char cqchars[];
-#define qchars (cqchars + FNMATCH_IS_ENABLED)
+#define qchars (cqchars + FNMATCH_IS_ENABLED + 1)
extern const char illnum[];
extern const char homestr[];
--
2.39.2
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[v2 PATCH] expand: Fix naked backslah leakage
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [v2 PATCH] expand: Fix naked backslah leakage
- From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 1 May 2024 17:12:27 +0800
- Prev by Date: Re: [PATCH] Generate signal names at runtime
- Next by Date: [PATCH] input: Fix potential out-of-bounds read in popstring
- Previous by thread: [v2 PATCH 0/8] Add multi-byte support
- Next by thread: [PATCH] input: Fix potential out-of-bounds read in popstring
- Index(es):
 |