Home GnuPG
Diffusion GnuPG 9441946e1824

g10: Fix regexp sanitization.


g10: Fix regexp sanitization.

* g10/trustdb.c (sanitize_regexp): Only escape operators.

Backport from master commit:

To sanitize a regular expression, quoting by backslash should be only
done for defined characters. POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library. Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

  • GnuPG-bug-id: T2923
  • Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>