Mail Archives: cygwin/2006/11/22/13:41:16

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2006/11/22/13:41:16

X-Spam-Check-By: sourceware.org

Message-ID: <456499B0.5000109@acm.org>

Date: Wed, 22 Nov 2006 13:40:48 -0500

From: Federico Lucifredi <flucifredi AT acm DOT org>

User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)

MIME-Version: 1.0

To: flucifredi AT acm DOT org

CC: brucejones AT hawaii DOT rr DOT com, cygwin AT cygwin DOT com, Dr DOT Volker DOT Zell AT oracle DOT com

Subject: Re: Makewhatis problem in Man 1.5p-1

References: <W4968630145222411164149936 AT webmail2>

In-Reply-To: <W4968630145222411164149936@webmail2>

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

--------------070807050408020607000309
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Actually, I have merged the patch in the next release candidate but I 
cannot release it in the current form (attached).

Here is the problem: once the patch is in place, the quoted mode of the 
is_shell_safe() function becomes useless, as the main difference is an 
increment to skip checking for whitespace (in src/util.c).

In the current form, however, the patch removes bad[0] (which used to be 
whitespace), and as a result the ++ increment results in quoted strings 
not being checked for ';'.

This is perhaps not all that dangerous, but still sloppy. I point it out 
here because I understand that the CYGWIN codebase currently ships the 
patch.

Input and corrections are welcome.

  Best -F

Federico Lucifredi wrote:
> Hello Volker,
>  Thank you for passing over the patch, I had misunderstood Bruce's report for another issue.
> 
>  Patch merged in 1.6f candidate, it will be in the next release.
> 
>  Best -Federico
> 
> 
> _________________________________________
> -- "'Problem' is a bleak word for challenge" - Richard Fish
> (Federico L. Lucifredi)-
> 
> 
> 


-- 

_________________________________________
-- "'Problem' is a bleak word for challenge" - Richard Fish
(Federico L. Lucifredi) - http://www.lucifredi.com

--------------070807050408020607000309
Content-Type: text/plain;
 name="man-1.6d.safe.patch"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="man-1.6d.safe.patch"

ZGlmZiAtdXJOIC14IENZR1dJTi1QQVRDSEVTIC14ICdhY2xvY2FsLm00Kicg
LXggbHRtYWluLnNoIC14ICdjb25maWcuKicgLXggZGVwY29tcCAteCBpbnN0
YWxsLXNoIC14IG1pc3NpbmcgLXggbWtpbnN0YWxsZGlycyAteCBhdXRvbTR0
ZS5jYWNoZSAteCAnKmNvbXBpbGUnIC14IE1ha2VmaWxlLmluLmluIC14ICdp
bnRsdG9vbCouaW4nIC14ICd4bWwtaTE4bi0qLmluJyAteCAnKi5weWMnIC14
ICcqLm1vJyAteCAnKi5nbW8nIC14IEFCT1VULU5MUyAteCBNYWtldmFycy50
ZW1wbGF0ZSAteCBDT1BZSU5HIC14IElOU1RBTEwgLXggJyoub3JpZycgLXgg
JyoucmVqJyAteCAnKn4nIC14ICcqLnRlbXAnIC14IHRleGluZm8udGV4IC14
IHlsd3JhcCAteCBnbm9tZS1kb2MtdXRpbHMubWFrZSAteCBnbm9tZS1kb2Mt
dXRpbHMubTQgLXggaW50bHRvb2wubTQgLXggb21mLm1ha2UgLXggeG1sZG9j
cy5tYWtlIG9yaWdzcmMvbWFuLTEuNmQvc3JjL21hbi5jIHNyYy9tYW4tMS42
ZC9zcmMvbWFuLmMNCi0tLSBvcmlnc3JjL21hbi0xLjZkL3NyYy9tYW4uYwky
MDA2LTA1LTAxIDIyOjM0OjIyLjAwMDAwMDAwMCArMDIwMA0KKysrIHNyYy9t
YW4tMS42ZC9zcmMvbWFuLmMJMjAwNi0xMS0xNyAxMTozNTozOS4wNDk1Nzky
MDAgKzAxMDANCkBAIC03ODEsMTAgKzc4MSwxMCBAQA0KIAkgICAgIEJ1dCBp
dCBjaGFuZ2VzIHRoZSBtZWFuaW5nIG9mIG1hbl9maWxlIGFuZCBjYXRfZmls
ZSwNCiAJICAgICBpZiB0aGVzZSBhcmUgbm90IGFic29sdXRlLiAqLw0KIAkN
Ci0JICBjb21tYW5kID0gbXlfeHNwcmludGYoIihjZCAlUyAmJiAlcyB8ICVT
ID4gJVMpIiwgcGF0aCwNCisJICBjb21tYW5kID0gbXlfeHNwcmludGYoIihj
ZCBcIiVTXCIgJiYgJXMgfCAlUyA+ICVTKSIsIHBhdGgsDQogCQkgICByb2Zm
X2NvbW1hbmQsIGdldHZhbCgiQ09NUFJFU1MiKSwgY2F0X2ZpbGUpOw0KICAg
ICAgZWxzZQ0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZiAoIihjZCAlUyAm
JiAlcyA+ICVTKSIsIHBhdGgsDQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRm
ICgiKGNkIFwiJVNcIiAmJiAlcyA+ICVTKSIsIHBhdGgsDQogCQkgICByb2Zm
X2NvbW1hbmQsIGNhdF9maWxlKTsNCiANCiAgICAgIC8qDQpAQCAtODI5LDkg
KzgyOSw5IEBADQogICAgICBpZiAocm9mZl9jb21tYW5kID09IE5VTEwpDQog
CSAgcmV0dXJuIDA7DQogICAgICBpZiAoZG9fdHJvZmYpDQotCSAgY29tbWFu
ZCA9IG15X3hzcHJpbnRmICgiKGNkICVTICYmICVzKSIsIHBhdGgsIHJvZmZf
Y29tbWFuZCk7DQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRmICgiKGNkIFwi
JVNcIiAmJiAlcykiLCBwYXRoLCByb2ZmX2NvbW1hbmQpOw0KICAgICAgZWxz
ZQ0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZiAoIihjZCAlUyAmJiAlcyB8
ICVzKSIsIHBhdGgsDQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRmICgiKGNk
IFwiJVNcIiAmJiAlcyB8ICVzKSIsIHBhdGgsDQogCQkgICByb2ZmX2NvbW1h
bmQsIHBhZ2VyKTsNCiANCiAgICAgIHJldHVybiAhZG9fc3lzdGVtX2NvbW1h
bmQgKGNvbW1hbmQsIDApOw0KQEAgLTk0MCw3ICs5NDAsNyBAQA0KIAkgIGlm
IChyb2ZmX2NvbW1hbmQgPT0gTlVMTCkNCiAJICAgICAgIHJldHVybiAwOw0K
IA0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZigiKGNkICVTICYmICVzKSIs
IHBhdGgsIHJvZmZfY29tbWFuZCk7DQorCSAgY29tbWFuZCA9IG15X3hzcHJp
bnRmKCIoY2QgXCIlU1wiICYmICVzKSIsIHBhdGgsIHJvZmZfY29tbWFuZCk7
DQogCSAgcmV0dXJuICFkb19zeXN0ZW1fY29tbWFuZCAoY29tbWFuZCwgMCk7
DQogICAgICB9DQogDQpkaWZmIC11ck4gLXggQ1lHV0lOLVBBVENIRVMgLXgg
J2FjbG9jYWwubTQqJyAteCBsdG1haW4uc2ggLXggJ2NvbmZpZy4qJyAteCBk
ZXBjb21wIC14IGluc3RhbGwtc2ggLXggbWlzc2luZyAteCBta2luc3RhbGxk
aXJzIC14IGF1dG9tNHRlLmNhY2hlIC14ICcqY29tcGlsZScgLXggTWFrZWZp
bGUuaW4uaW4gLXggJ2ludGx0b29sKi5pbicgLXggJ3htbC1pMThuLSouaW4n
IC14ICcqLnB5YycgLXggJyoubW8nIC14ICcqLmdtbycgLXggQUJPVVQtTkxT
IC14IE1ha2V2YXJzLnRlbXBsYXRlIC14IENPUFlJTkcgLXggSU5TVEFMTCAt
eCAnKi5vcmlnJyAteCAnKi5yZWonIC14ICcqficgLXggJyoudGVtcCcgLXgg
dGV4aW5mby50ZXggLXggeWx3cmFwIC14IGdub21lLWRvYy11dGlscy5tYWtl
IC14IGdub21lLWRvYy11dGlscy5tNCAteCBpbnRsdG9vbC5tNCAteCBvbWYu
bWFrZSAteCB4bWxkb2NzLm1ha2Ugb3JpZ3NyYy9tYW4tMS42ZC9zcmMvdXRp
bC5jIHNyYy9tYW4tMS42ZC9zcmMvdXRpbC5jDQotLS0gb3JpZ3NyYy9tYW4t
MS42ZC9zcmMvdXRpbC5jCTIwMDYtMDUtMDEgMjI6MzQ6NDkuMDAwMDAwMDAw
ICswMjAwDQorKysgc3JjL21hbi0xLjZkL3NyYy91dGlsLmMJMjAwNi0xMS0x
NyAxMTozNjo1Mi44NzU3MzYwMDAgKzAxMDANCkBAIC0yNDIsNyArMjQyLDcg
QEANCiANCiBzdGF0aWMgaW50DQogaXNfc2hlbGxfc2FmZShjb25zdCBjaGFy
ICpzcywgaW50IHF1b3RlZCkgew0KLQljaGFyICpiYWQgPSAiIDsnXFxcIjw+
fCI7DQorCWNoYXIgKmJhZCA9ICI7J1xcXCI8PnwiOw0KIAljaGFyICpwOw0K
IA0KIAlpZiAocXVvdGVkKQ0K


--------------070807050408020607000309
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
--------------070807050408020607000309--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Spam-Check-By:	sourceware.org
Message-ID:	<456499B0.5000109@acm.org>
Date:	Wed, 22 Nov 2006 13:40:48 -0500
From:	Federico Lucifredi <flucifredi AT acm DOT org>
User-Agent:	Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version:	1.0
To:	flucifredi AT acm DOT org
CC:	brucejones AT hawaii DOT rr DOT com, cygwin AT cygwin DOT com, Dr DOT Volker DOT Zell AT oracle DOT com
Subject:	Re: Makewhatis problem in Man 1.5p-1
References:	<W4968630145222411164149936 AT webmail2>
In-Reply-To:	<W4968630145222411164149936@webmail2>
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com