Changeset c426bc2


Timestamp:
Jan 20, 2011, 7:59:38 PM (14 years ago)
Author:
David Benjamin <davidben@mit.edu>
Branches:
master, release-1.10, release-1.8, release-1.9
Children:
a5f477c
Parents:
f47696f
git-author:
David Benjamin <davidben@mit.edu> (01/02/11 20:25:46)
git-committer:
David Benjamin <davidben@mit.edu> (01/20/11 19:59:38)
Message:
Rewrite owl_function_classinstfilt with proper quoting

The current ad-hoc code fails to handle tabs, which allows an attacker
to force a failed parse or run an arbitrary perl function.
[nelhage@nelhage.com: Use owl_string_appendf_quoted]
File:
1 edited

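--- a/functions.c
+++ b/functions.c
@@ -2286,7 +2286,8 @@
 {
   owl_filter *f;
-  char *argbuff, *filtname;
+  char *filtname;
   char *tmpclass, *tmpinstance = NULL;
   char *class, *instance = NULL;
+  GString *buf;
 
   if (related) {
@@ -2328,25 +2329,25 @@
   /* create the new filter */
   tmpclass=owl_text_quote(class, OWL_REGEX_QUOTECHARS, OWL_REGEX_QUOTEWITH);
-  owl_text_tr(tmpclass, ' ', '.');
-  owl_text_tr(tmpclass, '\'', '.');
-  owl_text_tr(tmpclass, '"', '.');
   if (instance) {
     tmpinstance=owl_text_quote(instance, OWL_REGEX_QUOTECHARS, OWL_REGEX_QUOTEWITH);
-    owl_text_tr(tmpinstance, ' ', '.');
-    owl_text_tr(tmpinstance, '\'', '.');
-    owl_text_tr(tmpinstance, '"', '.');
-  }
-
-  argbuff = owl_sprintf(related ? "class ^(un)*%s(\\.d)*$" : "class ^%s$", tmpclass);
+  }
+
+  buf = g_string_new("");
+  owl_string_appendf_quoted(buf,
+                            related ? "class ^(un)*%q(\\.d)*$" : "class ^%q$",
+                            tmpclass);
+
   if (tmpinstance) {
-    char *tmp = argbuff;
-    argbuff = owl_sprintf(related ? "%s and ( instance ^(un)*%s(\\.d)*$ )" : "%s and instance ^%s$", tmp, tmpinstance);
-    owl_free(tmp);
+    owl_string_appendf_quoted(buf,
+                              related ?
+                              " and ( instance ^(un)*%q(\\.d)*$ )" :
+                              " and instance ^%q$",
+                              tmpinstance);
   }
   owl_free(tmpclass);
-  if (tmpinstance) owl_free(tmpinstance);
-
-  f = owl_filter_new_fromstring(filtname, argbuff);
-  owl_free(argbuff);
+  owl_free(tmpinstance);
+
+  f = owl_filter_new_fromstring(filtname, buf->str);
+  g_string_free(buf, true);
   if (f == NULL) {
     /* Couldn't make a filter for some reason. Return NULL. */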
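Review bot: The second hunk applies two separate quoting layers and nothing in the code says why both are needed, which makes it easy for a later edit to drop one: `owl_text_quote` escapes regex metacharacters, while `%q` in `owl_string_appendf_quoted` protects the result from the filter-string parser behind `owl_filter_new_fromstring`. A comment above `buf = g_string_new("");` such as `/* tmpclass/tmpinstance are already regex-escaped; %q also quotes them for the filter parser so whitespace and quote characters cannot split or inject tokens */` would record that. Because `%q` is spliced into the middle of a pattern (`^(un)*%q(\\.d)*$`), the code presumably relies on the parser accepting a quoted span inside a larger token; a regression test with class and instance names containing a tab, a space, `'` and `"` would pin that down. As a style point, `g_string_free(buf, true)` would read more conventionally as `g_string_free(buf, TRUE)`, using GLib's own boolean. The function body starts and ends outside the visible hunks, so how `filtname` is built from the same input is not checked here.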