X-Spam-Check-By: sourceware.org Message-ID: <456499B0.5000109@acm.org> Date: Wed, 22 Nov 2006 13:40:48 -0500 From: Federico Lucifredi User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) MIME-Version: 1.0 To: flucifredi AT acm DOT org CC: brucejones AT hawaii DOT rr DOT com, cygwin AT cygwin DOT com, Dr DOT Volker DOT Zell AT oracle DOT com Subject: Re: Makewhatis problem in Man 1.5p-1 References: In-Reply-To: Content-Type: multipart/mixed; boundary="------------070807050408020607000309" Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com --------------070807050408020607000309 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Actually, I have merged the patch in the next release candidate but I cannot release it in the current form (attached). Here is the problem: once the patch is in place, the quoted mode of the is_shell_safe() function becomes useless, as the main difference is an increment to skip checking for whitespace (in src/util.c). In the current form, however, the patch removes bad[0] (which used to be whitespace), and as a result the ++ increment results in quoted strings not being checked for ';'. This is perhaps not all that dangerous, but still sloppy. I point it out here because I understand that the CYGWIN codebase currently ships the patch. Input and corrections are welcome. Best -F Federico Lucifredi wrote: > Hello Volker, > Thank you for passing over the patch, I had misunderstood Bruce's report for another issue. > > Patch merged in 1.6f candidate, it will be in the next release. > > Best -Federico > > > _________________________________________ > -- "'Problem' is a bleak word for challenge" - Richard Fish > (Federico L. Lucifredi)- > > > -- _________________________________________ -- "'Problem' is a bleak word for challenge" - Richard Fish (Federico L. Lucifredi) - http://www.lucifredi.com --------------070807050408020607000309 Content-Type: text/plain; name="man-1.6d.safe.patch" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="man-1.6d.safe.patch" ZGlmZiAtdXJOIC14IENZR1dJTi1QQVRDSEVTIC14ICdhY2xvY2FsLm00Kicg LXggbHRtYWluLnNoIC14ICdjb25maWcuKicgLXggZGVwY29tcCAteCBpbnN0 YWxsLXNoIC14IG1pc3NpbmcgLXggbWtpbnN0YWxsZGlycyAteCBhdXRvbTR0 ZS5jYWNoZSAteCAnKmNvbXBpbGUnIC14IE1ha2VmaWxlLmluLmluIC14ICdp bnRsdG9vbCouaW4nIC14ICd4bWwtaTE4bi0qLmluJyAteCAnKi5weWMnIC14 ICcqLm1vJyAteCAnKi5nbW8nIC14IEFCT1VULU5MUyAteCBNYWtldmFycy50 ZW1wbGF0ZSAteCBDT1BZSU5HIC14IElOU1RBTEwgLXggJyoub3JpZycgLXgg JyoucmVqJyAteCAnKn4nIC14ICcqLnRlbXAnIC14IHRleGluZm8udGV4IC14 IHlsd3JhcCAteCBnbm9tZS1kb2MtdXRpbHMubWFrZSAteCBnbm9tZS1kb2Mt dXRpbHMubTQgLXggaW50bHRvb2wubTQgLXggb21mLm1ha2UgLXggeG1sZG9j cy5tYWtlIG9yaWdzcmMvbWFuLTEuNmQvc3JjL21hbi5jIHNyYy9tYW4tMS42 ZC9zcmMvbWFuLmMNCi0tLSBvcmlnc3JjL21hbi0xLjZkL3NyYy9tYW4uYwky MDA2LTA1LTAxIDIyOjM0OjIyLjAwMDAwMDAwMCArMDIwMA0KKysrIHNyYy9t YW4tMS42ZC9zcmMvbWFuLmMJMjAwNi0xMS0xNyAxMTozNTozOS4wNDk1Nzky MDAgKzAxMDANCkBAIC03ODEsMTAgKzc4MSwxMCBAQA0KIAkgICAgIEJ1dCBp dCBjaGFuZ2VzIHRoZSBtZWFuaW5nIG9mIG1hbl9maWxlIGFuZCBjYXRfZmls ZSwNCiAJICAgICBpZiB0aGVzZSBhcmUgbm90IGFic29sdXRlLiAqLw0KIAkN Ci0JICBjb21tYW5kID0gbXlfeHNwcmludGYoIihjZCAlUyAmJiAlcyB8ICVT ID4gJVMpIiwgcGF0aCwNCisJICBjb21tYW5kID0gbXlfeHNwcmludGYoIihj ZCBcIiVTXCIgJiYgJXMgfCAlUyA+ICVTKSIsIHBhdGgsDQogCQkgICByb2Zm X2NvbW1hbmQsIGdldHZhbCgiQ09NUFJFU1MiKSwgY2F0X2ZpbGUpOw0KICAg ICAgZWxzZQ0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZiAoIihjZCAlUyAm JiAlcyA+ICVTKSIsIHBhdGgsDQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRm ICgiKGNkIFwiJVNcIiAmJiAlcyA+ICVTKSIsIHBhdGgsDQogCQkgICByb2Zm X2NvbW1hbmQsIGNhdF9maWxlKTsNCiANCiAgICAgIC8qDQpAQCAtODI5LDkg KzgyOSw5IEBADQogICAgICBpZiAocm9mZl9jb21tYW5kID09IE5VTEwpDQog CSAgcmV0dXJuIDA7DQogICAgICBpZiAoZG9fdHJvZmYpDQotCSAgY29tbWFu ZCA9IG15X3hzcHJpbnRmICgiKGNkICVTICYmICVzKSIsIHBhdGgsIHJvZmZf Y29tbWFuZCk7DQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRmICgiKGNkIFwi JVNcIiAmJiAlcykiLCBwYXRoLCByb2ZmX2NvbW1hbmQpOw0KICAgICAgZWxz ZQ0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZiAoIihjZCAlUyAmJiAlcyB8 ICVzKSIsIHBhdGgsDQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRmICgiKGNk IFwiJVNcIiAmJiAlcyB8ICVzKSIsIHBhdGgsDQogCQkgICByb2ZmX2NvbW1h bmQsIHBhZ2VyKTsNCiANCiAgICAgIHJldHVybiAhZG9fc3lzdGVtX2NvbW1h bmQgKGNvbW1hbmQsIDApOw0KQEAgLTk0MCw3ICs5NDAsNyBAQA0KIAkgIGlm IChyb2ZmX2NvbW1hbmQgPT0gTlVMTCkNCiAJICAgICAgIHJldHVybiAwOw0K IA0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZigiKGNkICVTICYmICVzKSIs IHBhdGgsIHJvZmZfY29tbWFuZCk7DQorCSAgY29tbWFuZCA9IG15X3hzcHJp bnRmKCIoY2QgXCIlU1wiICYmICVzKSIsIHBhdGgsIHJvZmZfY29tbWFuZCk7 DQogCSAgcmV0dXJuICFkb19zeXN0ZW1fY29tbWFuZCAoY29tbWFuZCwgMCk7 DQogICAgICB9DQogDQpkaWZmIC11ck4gLXggQ1lHV0lOLVBBVENIRVMgLXgg J2FjbG9jYWwubTQqJyAteCBsdG1haW4uc2ggLXggJ2NvbmZpZy4qJyAteCBk ZXBjb21wIC14IGluc3RhbGwtc2ggLXggbWlzc2luZyAteCBta2luc3RhbGxk aXJzIC14IGF1dG9tNHRlLmNhY2hlIC14ICcqY29tcGlsZScgLXggTWFrZWZp bGUuaW4uaW4gLXggJ2ludGx0b29sKi5pbicgLXggJ3htbC1pMThuLSouaW4n IC14ICcqLnB5YycgLXggJyoubW8nIC14ICcqLmdtbycgLXggQUJPVVQtTkxT IC14IE1ha2V2YXJzLnRlbXBsYXRlIC14IENPUFlJTkcgLXggSU5TVEFMTCAt eCAnKi5vcmlnJyAteCAnKi5yZWonIC14ICcqficgLXggJyoudGVtcCcgLXgg dGV4aW5mby50ZXggLXggeWx3cmFwIC14IGdub21lLWRvYy11dGlscy5tYWtl IC14IGdub21lLWRvYy11dGlscy5tNCAteCBpbnRsdG9vbC5tNCAteCBvbWYu bWFrZSAteCB4bWxkb2NzLm1ha2Ugb3JpZ3NyYy9tYW4tMS42ZC9zcmMvdXRp bC5jIHNyYy9tYW4tMS42ZC9zcmMvdXRpbC5jDQotLS0gb3JpZ3NyYy9tYW4t MS42ZC9zcmMvdXRpbC5jCTIwMDYtMDUtMDEgMjI6MzQ6NDkuMDAwMDAwMDAw ICswMjAwDQorKysgc3JjL21hbi0xLjZkL3NyYy91dGlsLmMJMjAwNi0xMS0x NyAxMTozNjo1Mi44NzU3MzYwMDAgKzAxMDANCkBAIC0yNDIsNyArMjQyLDcg QEANCiANCiBzdGF0aWMgaW50DQogaXNfc2hlbGxfc2FmZShjb25zdCBjaGFy ICpzcywgaW50IHF1b3RlZCkgew0KLQljaGFyICpiYWQgPSAiIDsnXFxcIjw+ fCI7DQorCWNoYXIgKmJhZCA9ICI7J1xcXCI8PnwiOw0KIAljaGFyICpwOw0K IA0KIAlpZiAocXVvdGVkKQ0K --------------070807050408020607000309 Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ --------------070807050408020607000309--