authordelphij <delphij@FreeBSD.org>2015-01-23 18:42:05 +0000
committerdelphij <delphij@FreeBSD.org>2015-01-23 18:42:05 +0000
commitff89014ed1948e4e4c5303948a392950f3b33349 (patch)
treef10d1b7f6180196e75c1ea7bb220bb8218fa398e
parent6cd815aecec2d53bed80af25e735658524c7fdd5 (diff)
MFC r275918:
Sync with NetBSD, mainly address NetBSD bug #43355: Fix valid_format() to be more careful about allowing only valid printf formats. Obtained from: NetBSD
-rw-r--r--usr.bin/seq/seq.19
-rw-r--r--usr.bin/seq/seq.c75
2 files changed, 53 insertions, 31 deletions
diff --git a/usr.bin/seq/seq.1 b/usr.bin/seq/seq.1
index 1ac977e..12dd184 100644
--- a/usr.bin/seq/seq.1
+++ b/usr.bin/seq/seq.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: seq.1,v 1.6 2008/11/26 15:03:47 ginsbach Exp $
+.\" $NetBSD: seq.1,v 1.8 2013/04/07 17:37:45 jdf Exp $
.\"
.\" Copyright (c) 2005 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 19, 2010
+.Dd September 10, 2013
.Dt SEQ 1
.Os
.Sh NAME
@@ -59,7 +59,7 @@ as possible, in increments of
When
.Ar first
is larger than
-.Ar last
+.Ar last ,
the default
.Ar incr
is -1.
@@ -79,8 +79,11 @@ style
.Ar format
to print each number.
Only the
+.Cm A ,
+.Cm a ,
.Cm E ,
.Cm e ,
+.Cm F ,
.Cm f ,
.Cm G ,
.Cm g ,
diff --git a/usr.bin/seq/seq.c b/usr.bin/seq/seq.c
index e077743..6d715e1 100644
--- a/usr.bin/seq/seq.c
+++ b/usr.bin/seq/seq.c
@@ -1,4 +1,4 @@
-/* $NetBSD: seq.c,v 1.5 2008/07/21 14:19:26 lukem Exp $ */
+/* $NetBSD: seq.c,v 1.7 2010/05/27 08:40:19 dholland Exp $ */
/*
* Copyright (c) 2005 The NetBSD Foundation, Inc.
* All rights reserved.
@@ -158,6 +158,8 @@ main(int argc, char *argv[])
if (!valid_format(fmt))
errx(1, "invalid format string: `%s'", fmt);
fmt = unescape(fmt);
+ if (!valid_format(fmt))
+ errx(1, "invalid format string");
/*
* XXX to be bug for bug compatible with Plan 9 add a
* newline if none found at the end of the format string.
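Review bot: The second `valid_format(fmt)` call, placed after `unescape(fmt)`, has no comment explaining why the format is validated twice, so a later cleanup could remove it as a duplicate. Presumably unescape() can turn an escape sequence into a `%` or a conversion character, which would make the unescaped string the one that must pass validation before it is used as a printf format; unescape() is not visible here, so confirm this. I would add `/* re-check: unescape() may have introduced new % conversions */` above the new `if`. The new message also omits the string that the first check prints; if that is deliberate (the unescaped text may hold control characters), the comment should say so. main's body starts and ends outside this hunk.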
@@ -225,39 +227,56 @@ numeric(const char *s)
static int
valid_format(const char *fmt)
{
- int conversions = 0;
+ unsigned conversions = 0;
while (*fmt != '\0') {
/* scan for conversions */
- if (*fmt != '\0' && *fmt != '%') {
- do {
- fmt++;
- } while (*fmt != '\0' && *fmt != '%');
+ if (*fmt != '%') {
+ fmt++;
+ continue;
}
- /* scan a conversion */
- if (*fmt != '\0') {
- do {
- fmt++;
+ fmt++;
- /* ok %% */
- if (*fmt == '%') {
- fmt++;
- break;
- }
- /* valid conversions */
- if (strchr("eEfgG", *fmt) &&
- conversions++ < 1) {
- fmt++;
- break;
- }
- /* flags, width and precision */
- if (isdigit((unsigned char)*fmt) ||
- strchr("+- 0#.", *fmt))
- continue;
+ /* allow %% but not things like %10% */
+ if (*fmt == '%') {
+ fmt++;
+ continue;
+ }
- /* oops! bad conversion format! */
- return (0);
- } while (*fmt != '\0');
+ /* flags */
+ while (*fmt != '\0' && strchr("#0- +'", *fmt)) {
+ fmt++;
+ }
+
+ /* field width */
+ while (*fmt != '\0' && strchr("0123456789", *fmt)) {
+ fmt++;
+ }
+
+ /* precision */
+ if (*fmt == '.') {
+ fmt++;
+ while (*fmt != '\0' && strchr("0123456789", *fmt)) {
+ fmt++;
+ }
+ }
+
+ /* conversion */
+ switch (*fmt) {
+ case 'A':
+ case 'a':
+ case 'E':
+ case 'e':
+ case 'F':
+ case 'f':
+ case 'G':
+ case 'g':
+ /* floating point formats are accepted */
+ conversions++;
+ break;
+ default:
+ /* anything else is not */
+ return 0;
}
}
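Review bot: The `/* field width */` and `/* precision */` loops accept a digit run of any length, so a format whose width or precision does not fit in an int is still reported as valid. What printf does with such a value depends on the libc, and the caller's handling of printf's return value is not visible here. Bounding the digit count in the validator keeps the accepted grammar to values every printf implementation handles; the sketch below uses a new local `digits` declared next to `conversions`. The end of valid_format, including the return that uses `conversions`, lies outside the visible hunk, so I could not check that the at-most-one-conversion rule is still enforced there.

```c
	unsigned conversions = 0;
	unsigned digits;

	/* ... unchanged: literal text, %% handling and flags loop ... */

	/* field width: at most 9 digits, which always fits in a 32-bit int */
	for (digits = 0; *fmt != '\0' && strchr("0123456789", *fmt); fmt++) {
		if (++digits > 9)
			return 0;
	}

	/* precision: same bound */
	if (*fmt == '.') {
		fmt++;
		for (digits = 0; *fmt != '\0' && strchr("0123456789", *fmt); fmt++) {
			if (++digits > 9)
				return 0;
		}
	}

	/* ... unchanged: conversion switch ... */
```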