isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check_pattern: check bounds as a repetition operator too.

Browse Source 
Add regess to verify check_pattern() via sudo_regex_compile().
This commit is contained in:
Todd C. Miller
2022-12-17 15:09:30 -07:00
parent f0530b66d3
commit 0614c1f626
4 changed files with 163 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/util/regex.c
View File

@@ -26,6 +26,7 @@
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <regex.h>
#include "sudo_compat.h"
@@ -60,11 +61,32 @@ check_pattern(const char *pattern)
case '?':
case '*':
case '+':
if (prev == '?' || prev == '*' || prev == '+') {
if (prev == '?' || prev == '*' || prev == '+' || prev == '{' ) {
/* Invalid repetition operator. */
debug_return_int(REG_BADRPT);
}
break;
case '{':
/* Match bound: {[0-9]([0-9,]*)} */
if (isdigit((unsigned char)*cp)) {
do {
cp++;
/* Allow digits to be escaped. */
if (cp[0] == '\\' && isdigit((unsigned char)cp[1]))
cp++;
} while (isdigit((unsigned char)*cp) || *cp == ',');
if (*cp == '}') {
if (prev == '?' || prev == '*' || prev == '+' || prev == '{' ) {
/* Invalid repetition operator. */
debug_return_int(REG_BADRPT);
}
/* Skip past '}', prev will be set to '{' below */
cp++;
break;
}
}
prev = '\0';
continue;
}
prev = ch;
}