Home GnuPG
Diffusion GnuPG ccf3ba92087e

g10: Fix regexp sanitization.

Description

g10: Fix regexp sanitization.

* g10/trustdb.c (sanitize_regexp): Only escape operators.

To sanitize a regular expression, quoting by backslash should be only
done for defined characters. POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library. Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

  • GnuPG-bug-id: T2923
  • Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Nov 9 2017, 6:03 AM
Parents
rG68284e150949: doc: Include NEWS from the 2.2.2 release
Branches
Unknown
Tags
Unknown
Tasks
T2923: trust signature domain restrictions don't work