-/* $Id: main.c,v 1.112 2010/12/01 16:28:23 kristaps Exp $ */
+/* $Id: main.c,v 1.113 2010/12/01 16:54:25 kristaps Exp $ */
/*
* Copyright (c) 2008, 2009, 2010 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2010 Ingo Schwarze <schwarze@openbsd.org>
"generic warning",
+ ".so is fragile, better use ln(1)",
"text should be uppercase",
"sections out of conventional order",
"section name repeats",
"argument count wrong, violates syntax",
"child violates parent syntax",
"argument count wrong, violates syntax",
+ "NOT IMPLEMENTED: .so with absolute path or \"..\"",
"no document body",
"no document prologue",
"utsname system call failed",
-/* $Id: mandoc.h,v 1.25 2010/12/01 10:31:35 kristaps Exp $ */
+/* $Id: mandoc.h,v 1.26 2010/12/01 16:54:25 kristaps Exp $ */
/*
* Copyright (c) 2010 Kristaps Dzonsons <kristaps@bsd.lv>
*
MANDOCERR_OK,
MANDOCERR_WARNING, /* ===== start of warnings ===== */
+ MANDOCERR_SO, /* .so is fragile, better use ln(1) */
MANDOCERR_UPPERCASE, /* text should be uppercase */
MANDOCERR_SECOOO, /* sections out of conventional order */
MANDOCERR_SECREP, /* section name repeats */
MANDOCERR_SYNTARGVCOUNT, /* argument count wrong, violates syntax */
MANDOCERR_SYNTCHILD, /* child violates parent syntax */
MANDOCERR_SYNTARGCOUNT, /* argument count wrong, violates syntax */
+ MANDOCERR_SOPATH, /* NOT IMPLEMENTED: .so with absolute path or ".." */
MANDOCERR_NODOCBODY, /* no document body */
MANDOCERR_NODOCPROLOG, /* no document prologue */
MANDOCERR_UTSNAME, /* utsname system call failed */
-/* $Id: roff.c,v 1.104 2010/12/01 10:31:35 kristaps Exp $ */
+/* $Id: roff.c,v 1.105 2010/12/01 16:54:25 kristaps Exp $ */
/*
* Copyright (c) 2010 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2010 Ingo Schwarze <schwarze@openbsd.org>
ROFF_nh,
ROFF_nr,
ROFF_rm,
+ ROFF_so,
ROFF_tr,
ROFF_cblock,
ROFF_ccond, /* FIXME: remove this. */
char **, size_t *, int);
static void roff_setstr(struct roff *,
const char *, const char *);
+static enum rofferr roff_so(ROFF_ARGS);
static char *roff_strdup(const char *);
/* See roff_hash_find() */
{ "nh", roff_line_ignore, NULL, NULL, 0, NULL },
{ "nr", roff_nr, NULL, NULL, 0, NULL },
{ "rm", roff_line_error, NULL, NULL, 0, NULL },
+ { "so", roff_so, NULL, NULL, 0, NULL },
{ "tr", roff_line_ignore, NULL, NULL, 0, NULL },
{ ".", roff_cblock, NULL, NULL, 0, NULL },
{ "\\}", roff_ccond, NULL, NULL, 0, NULL },
return(ROFF_IGN);
}
+/* ARGSUSED */
+static enum rofferr
+roff_so(ROFF_ARGS)
+{
+ char *name;
+
+ (*r->msg)(MANDOCERR_SO, r->data, ln, ppos, NULL);
+
+ /*
+ * Handle `so'. Be EXTREMELY careful, as we shouldn't be
+ * opening anything that's not in our cwd or anything beneath
+ * it. Thus, explicitly disallow traversing up the file-system
+ * or using absolute paths.
+ */
+
+ name = *bufp + pos;
+ if ('/' == *name || strstr(name, "../") || strstr(name, "/..")) {
+ (*r->msg)(MANDOCERR_SOPATH, r->data, ln, pos, NULL);
+ return(ROFF_ERR);
+ }
+
+ *offs = pos;
+ return(ROFF_SO);
+}
static char *
roff_strdup(const char *name)