From c58b664885be4d4d3c8c566263efb535c8c4e271 Mon Sep 17 00:00:00 2001 From: Kristaps Dzonsons Date: Wed, 1 Dec 2010 16:54:25 +0000 Subject: [PATCH] Merge OpenBSD's `so' handling (plus some documentation). Great work to schwarze@ and joerg@ for his comments! --- main.c | 4 +++- mandoc.h | 4 +++- roff.c | 29 ++++++++++++++++++++++++++++- 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/main.c b/main.c index 2122eda0..16b54def 100644 --- a/main.c +++ b/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.112 2010/12/01 16:28:23 kristaps Exp $ */ +/* $Id: main.c,v 1.113 2010/12/01 16:54:25 kristaps Exp $ */ /* * Copyright (c) 2008, 2009, 2010 Kristaps Dzonsons * Copyright (c) 2010 Ingo Schwarze @@ -122,6 +122,7 @@ static const char * const mandocerrs[MANDOCERR_MAX] = { "generic warning", + ".so is fragile, better use ln(1)", "text should be uppercase", "sections out of conventional order", "section name repeats", @@ -190,6 +191,7 @@ static const char * const mandocerrs[MANDOCERR_MAX] = { "argument count wrong, violates syntax", "child violates parent syntax", "argument count wrong, violates syntax", + "NOT IMPLEMENTED: .so with absolute path or \"..\"", "no document body", "no document prologue", "utsname system call failed", diff --git a/mandoc.h b/mandoc.h index 404daee2..207dbe2b 100644 --- a/mandoc.h +++ b/mandoc.h @@ -1,4 +1,4 @@ -/* $Id: mandoc.h,v 1.25 2010/12/01 10:31:35 kristaps Exp $ */ +/* $Id: mandoc.h,v 1.26 2010/12/01 16:54:25 kristaps Exp $ */ /* * Copyright (c) 2010 Kristaps Dzonsons * @@ -45,6 +45,7 @@ enum mandocerr { MANDOCERR_OK, MANDOCERR_WARNING, /* ===== start of warnings ===== */ + MANDOCERR_SO, /* .so is fragile, better use ln(1) */ MANDOCERR_UPPERCASE, /* text should be uppercase */ MANDOCERR_SECOOO, /* sections out of conventional order */ MANDOCERR_SECREP, /* section name repeats */ @@ -114,6 +115,7 @@ enum mandocerr { MANDOCERR_SYNTARGVCOUNT, /* argument count wrong, violates syntax */ MANDOCERR_SYNTCHILD, /* child violates parent syntax */ MANDOCERR_SYNTARGCOUNT, /* argument count wrong, violates syntax */ + MANDOCERR_SOPATH, /* NOT IMPLEMENTED: .so with absolute path or ".." */ MANDOCERR_NODOCBODY, /* no document body */ MANDOCERR_NODOCPROLOG, /* no document prologue */ MANDOCERR_UTSNAME, /* utsname system call failed */ diff --git a/roff.c b/roff.c index b062d6a9..dd2d926c 100644 --- a/roff.c +++ b/roff.c @@ -1,4 +1,4 @@ -/* $Id: roff.c,v 1.104 2010/12/01 10:31:35 kristaps Exp $ */ +/* $Id: roff.c,v 1.105 2010/12/01 16:54:25 kristaps Exp $ */ /* * Copyright (c) 2010 Kristaps Dzonsons * Copyright (c) 2010 Ingo Schwarze @@ -62,6 +62,7 @@ enum rofft { ROFF_nh, ROFF_nr, ROFF_rm, + ROFF_so, ROFF_tr, ROFF_cblock, ROFF_ccond, /* FIXME: remove this. */ @@ -141,6 +142,7 @@ static int roff_res(struct roff *, char **, size_t *, int); static void roff_setstr(struct roff *, const char *, const char *); +static enum rofferr roff_so(ROFF_ARGS); static char *roff_strdup(const char *); /* See roff_hash_find() */ @@ -169,6 +171,7 @@ static struct roffmac roffs[ROFF_MAX] = { { "nh", roff_line_ignore, NULL, NULL, 0, NULL }, { "nr", roff_nr, NULL, NULL, 0, NULL }, { "rm", roff_line_error, NULL, NULL, 0, NULL }, + { "so", roff_so, NULL, NULL, 0, NULL }, { "tr", roff_line_ignore, NULL, NULL, 0, NULL }, { ".", roff_cblock, NULL, NULL, 0, NULL }, { "\\}", roff_ccond, NULL, NULL, 0, NULL }, @@ -1054,6 +1057,30 @@ roff_nr(ROFF_ARGS) return(ROFF_IGN); } +/* ARGSUSED */ +static enum rofferr +roff_so(ROFF_ARGS) +{ + char *name; + + (*r->msg)(MANDOCERR_SO, r->data, ln, ppos, NULL); + + /* + * Handle `so'. Be EXTREMELY careful, as we shouldn't be + * opening anything that's not in our cwd or anything beneath + * it. Thus, explicitly disallow traversing up the file-system + * or using absolute paths. + */ + + name = *bufp + pos; + if ('/' == *name || strstr(name, "../") || strstr(name, "/..")) { + (*r->msg)(MANDOCERR_SOPATH, r->data, ln, pos, NULL); + return(ROFF_ERR); + } + + *offs = pos; + return(ROFF_SO); +} static char * roff_strdup(const char *name) -- 2.47.1