Security fix to prevent XSS attacks:

[mandoc.git] / man_validate.c

diff --git a/man_validate.c b/man_validate.c
index 670acc8dfc6110dd7f07a5c46d8f749d3e48e8f6..bb268c99e2dac367e99907af3f0642076ff387c9 100644 (file)
--- a/man_validate.c
+++ b/man_validate.c
@@ -1,4 +1,4 @@
-/*     $Id: man_validate.c,v 1.98 2014/07/05 12:34:17 schwarze Exp $ */
+/*     $Id: man_validate.c,v 1.100 2014/07/07 21:36:20 schwarze Exp $ */
 /*
  * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -190,10 +190,9 @@ static int
 check_root(CHKARGS)
 {
 
-       if (MAN_BLINE & man->flags)
-               man_nmsg(man, n, MANDOCERR_SCOPEEXIT);
-       else if (MAN_ELINE & man->flags)
-               man_nmsg(man, n, MANDOCERR_SCOPEEXIT);
+       if ((MAN_BLINE | MAN_ELINE) & man->flags)
+               mandoc_msg(MANDOCERR_BLK_LINE, man->parse,
+                   0, 0, "at end of file");
 
        man->flags &= ~MAN_BLINE;
        man->flags &= ~MAN_ELINE;
@@ -230,7 +229,8 @@ check_text(CHKARGS)
 
        cp = n->string;
        for (p = cp; NULL != (p = strchr(p, '\t')); p++)
-               man_pmsg(man, n->line, (int)(p - cp), MANDOCERR_BADTAB);
+               mandoc_msg(MANDOCERR_FI_TAB, man->parse,
+                   n->line, n->pos + (p - cp), NULL);
 }
 
 #define        INEQ_DEFINE(x, ineq, name) \