Imported Upstream version 2.6.4
This commit is contained in:
Arnaud Quette
parent
fad6ced6f6
commit
fefe62b2bd
257 changed files with 6020 additions and 1394 deletions
|
|
@ -171,6 +171,13 @@ static void addchar(PCONF_CTX_t *ctx)
|
|||
|
||||
wbuflen = strlen(ctx->wordbuf);
|
||||
|
||||
/* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
|
||||
if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
|
||||
fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n",
|
||||
ctx->ch);
|
||||
return;
|
||||
}
|
||||
|
||||
if (ctx->wordlen_limit != 0) {
|
||||
if (wbuflen >= ctx->wordlen_limit) {
|
||||
|
||||
|
|
@ -240,6 +247,13 @@ static int findwordstart(PCONF_CTX_t *ctx)
|
|||
|
||||
/* at this point the word just started */
|
||||
addchar(ctx);
|
||||
|
||||
/* if the first character is a '=' this is considered a whole word */
|
||||
if (ctx->ch == '=') {
|
||||
endofword(ctx);
|
||||
return STATE_FINDWORDSTART;
|
||||
}
|
||||
|
||||
return STATE_COLLECT;
|
||||
}
|
||||
|
||||
|
|
@ -326,6 +340,14 @@ static int collect(PCONF_CTX_t *ctx)
|
|||
return STATE_FINDWORDSTART;
|
||||
}
|
||||
|
||||
/* '=' means the word is done and the = is a single char word*/
|
||||
if (ctx->ch == '=') {
|
||||
endofword(ctx);
|
||||
findwordstart(ctx);
|
||||
|
||||
return STATE_FINDWORDSTART;
|
||||
}
|
||||
|
||||
/* \ = literal = accept the next char blindly */
|
||||
if (ctx->ch == '\\')
|
||||
return STATE_COLLECTLITERAL;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue