m4-commit

[SCM] GNU M4 source repository branch, branch-1_4, updated. branch-cvs-r


From: Eric Blake
Subject: [SCM] GNU M4 source repository branch, branch-1_4, updated. branch-cvs-readonly-48-gc753146
Date: Wed, 06 Feb 2008 17:31:43 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU M4 source repository".

http://git.sv.gnu.org/gitweb/?p=m4.git;a=commitdiff;h=c75314631bbd077c347f49c74982d4b1fa2f66c2

The branch, branch-1_4 has been updated
       via  c75314631bbd077c347f49c74982d4b1fa2f66c2 (commit)
       via  31a324eebafbc80859b25df810e63296571159ad (commit)
      from  6aa361e373ffb74330dd7851ecd40315784488a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c75314631bbd077c347f49c74982d4b1fa2f66c2
Author: Eric Blake <address@hidden>
Date:   Wed Feb 6 10:14:48 2008 -0700

    Fix security hole introduced 2007-11-22.
    
    * src/m4.h (includes): Add quotearg.h.
    * src/m4.c (m4_verror_at_line): Properly escape macro names.
    (main): Manage quoteargs defaults.
    * doc/m4.texinfo (Indir): Document and test this.
    
    Signed-off-by: Eric Blake <address@hidden>

commit 31a324eebafbc80859b25df810e63296571159ad
Author: Eric Blake <address@hidden>
Date:   Tue Feb 5 14:29:23 2008 -0700

    strtod has been in use since 2008-01-17.
    
    * m4/gnulib-cache.m4: Import the strtod module.
    
    Signed-off-by: Eric Blake <address@hidden>

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   12 ++++++++++++
 doc/m4.texinfo     |   14 ++++++++++++++
 m4/gnulib-cache.m4 |    4 ++--
 src/m4.c           |   30 ++++++++++++++++++++++++++----
 src/m4.h           |    1 +
 5 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 44e7925..8d76e5e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2008-02-06  Eric Blake  <address@hidden>
+
+       Fix security hole introduced 2007-11-22.
+       * src/m4.h (includes): Add quotearg.h.
+       * src/m4.c (m4_verror_at_line): Properly escape macro names.
+       (main): Manage quoteargs defaults.
+       * doc/m4.texinfo (Indir): Document and test this.
+
+2008-02-05  Eric Blake  <address@hidden>
+
+       * m4/gnulib-cache.m4: Import the strtod module.
+
 2008-02-02  Eric Blake  <address@hidden>
 
        Stage 14: allow pushing argv references.
diff --git a/doc/m4.texinfo b/doc/m4.texinfo
index c5c7c54..dc33620 100644
--- a/doc/m4.texinfo
+++ b/doc/m4.texinfo
@@ -2411,6 +2411,20 @@ indir(`divert', defn(`foo'))
 @result{}
 @end example
 
+Warning messages issued on behalf of an indirect macro use an
+unambiguous representation of the macro name, using escape sequences
+similar to C strings, and with colons also quoted.
+
address@hidden
+define(`%%:\
+odd', defn(`divnum'))
address@hidden
+indir(`%%:\
+odd', `extra')
address@hidden:stdin:3: Warning: %%\:\\\nodd: extra arguments ignored: 1 > 0
address@hidden
address@hidden example
+
 @node Builtin
 @section Indirect call of builtins
 
diff --git a/m4/gnulib-cache.m4 b/m4/gnulib-cache.m4
index 0055a69..be1c121 100644
--- a/m4/gnulib-cache.m4
+++ b/m4/gnulib-cache.m4
@@ -15,11 +15,11 @@
 
 
 # Specification in the form of a command-line invocation:
-#   gnulib-tool --import --dir=. --local-dir=local --lib=libm4 
--source-base=lib --m4-base=m4 --doc-base=doc --aux-dir=build-aux --with-tests 
--no-libtool --macro-prefix=M4 assert avltree-oset binary-io clean-temp cloexec 
close-stream closein config-h error fdl fflush flexmember fopen-safer free 
fseeko gendocs getopt gnupload gpl-3.0 intprops memmem mkstemp obstack quote 
regex stdbool stdint stdlib-safer strtol unlocked-io vasnprintf-posix verror 
version-etc version-etc-fsf xalloc xprintf xvasprintf-posix
+#   gnulib-tool --import --dir=. --local-dir=local --lib=libm4 
--source-base=lib --m4-base=m4 --doc-base=doc --aux-dir=build-aux --with-tests 
--no-libtool --macro-prefix=M4 assert avltree-oset binary-io clean-temp cloexec 
close-stream closein config-h error fdl fflush flexmember fopen-safer free 
fseeko gendocs getopt gnupload gpl-3.0 intprops memmem mkstemp obstack quote 
regex stdbool stdint stdlib-safer strtod strtol unlocked-io vasnprintf-posix 
verror version-etc version-etc-fsf xalloc xprintf xvasprintf-posix
 
 # Specification in the form of a few gnulib-tool.m4 macro invocations:
 gl_LOCAL_DIR([local])
-gl_MODULES([assert avltree-oset binary-io clean-temp cloexec close-stream 
closein config-h error fdl fflush flexmember fopen-safer free fseeko gendocs 
getopt gnupload gpl-3.0 intprops memmem mkstemp obstack quote regex stdbool 
stdint stdlib-safer strtol unlocked-io vasnprintf-posix verror version-etc 
version-etc-fsf xalloc xprintf xvasprintf-posix])
+gl_MODULES([assert avltree-oset binary-io clean-temp cloexec close-stream 
closein config-h error fdl fflush flexmember fopen-safer free fseeko gendocs 
getopt gnupload gpl-3.0 intprops memmem mkstemp obstack quote regex stdbool 
stdint stdlib-safer strtod strtol unlocked-io vasnprintf-posix verror 
version-etc version-etc-fsf xalloc xprintf xvasprintf-posix])
 gl_AVOID([])
 gl_SOURCE_BASE([lib])
 gl_M4_BASE([m4])
diff --git a/src/m4.c b/src/m4.c
index 2cfed19..a6bc92a 100644
--- a/src/m4.c
+++ b/src/m4.c
@@ -1,7 +1,7 @@
 /* GNU m4 -- A simple macro processor
 
-   Copyright (C) 1989, 1990, 1991, 1992, 1993, 1994, 2004, 2005, 2006, 2007
-   Free Software Foundation, Inc.
+   Copyright (C) 1989, 1990, 1991, 1992, 1993, 1994, 2004, 2005, 2006,
+   2007, 2008 Free Software Foundation, Inc.
 
    This file is part of GNU M4.
 
@@ -98,18 +98,37 @@ m4_verror_at_line (bool warn, int status, int errnum, const 
char *file,
                   va_list args)
 {
   char *full = NULL;
+  char *safe_macro = NULL;
+
+  /* Sanitize MACRO, since we are turning around and using it in a
+     format string.  The allocation is overly conservative, but
+     problematic macro names only occur via indir or changeword.  */
+  if (macro && strchr (macro, '%'))
+    {
+      char *p = safe_macro = xcharalloc (2 * strlen (macro) + 1);
+      do
+       {
+         if (*macro == '%')
+           *p++ = '%';
+         *p++ = *macro++;
+       }
+      while (*macro);
+    }
   /* Prepend warning and the macro name, as needed.  But if that fails
      for non-memory reasons (unlikely), then still use the original
      format.  */
   if (warn && macro)
-    full = xasprintf (_("Warning: %s: %s"), macro, format);
+    full = xasprintf (_("Warning: %s: %s"),
+                     quotearg (safe_macro ? safe_macro : macro), format);
   else if (warn)
     full = xasprintf (_("Warning: %s"), format);
   else if (macro)
-    full = xasprintf (_("%s: %s"), macro, format);
+    full = xasprintf (_("%s: %s"),
+                     quotearg (safe_macro ? safe_macro : macro), format);
   verror_at_line (status, errnum, line ? file : NULL, line,
                  full ? full : format, args);
   free (full);
+  free (safe_macro);
   if ((!warn || fatal_warnings) && !retcode)
     retcode = EXIT_FAILURE;
 }
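Review bot: The escaping loop in m4_verror_at_line never writes a terminating NUL to `safe_macro`: the `do … while (*macro)` loop exits when it reaches the end of `macro` without copying the terminator, and `xcharalloc` presumably returns uninitialized memory like the other x-allocators. `quotearg (safe_macro ? safe_macro : macro)` then reads past the copied bytes until it happens to meet a zero byte, so the path meant to close the format-string hole can read out of bounds on the heap. Adding `*p = '\0';` right after the `while (*macro);` line fixes it, and the `2 * strlen (macro) + 1` allocation already leaves room for it. The function's signature begins above this hunk.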
@@ -435,6 +454,8 @@ main (int argc, char *const *argv, char *const *envp)
 
   include_init ();
   debug_init ();
+  set_quoting_style (NULL, escape_quoting_style);
+  set_char_quoting (NULL, ':', 1);
 #ifdef USE_STACKOVF
   setup_stackovf_trap (argv, envp, stackovf_handler);
 #endif
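Review bot: The two quotearg calls added to main change the process-wide default quoting options with no comment saying why, and nothing at this site ties them to m4_verror_at_line, the only consumer visible in this patch. A short comment would help, for example `/* Diagnostics print macro names via quotearg: use C-like escapes, and quote ':' as well.  */`. Because these defaults are global, any other caller of plain `quotearg` in the program inherits the same style, which is worth confirming is intended. main's body starts and ends outside this hunk.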
@@ -687,6 +708,7 @@ main (int argc, char *const *argv, char *const *envp)
     }
   output_exit ();
   free_regex ();
+  quotearg_free ();
 #ifdef DEBUG_REGEX
   if (trace_file)
     fclose (trace_file);
diff --git a/src/m4.h b/src/m4.h
index b5430d2..0f11366 100644
--- a/src/m4.h
+++ b/src/m4.h
@@ -43,6 +43,7 @@
 #include "exitfail.h"
 #include "intprops.h"
 #include "obstack.h"
+#include "quotearg.h"
 #include "stdio--.h"
 #include "stdlib--.h"
 #include "unistd--.h"


hooks/post-receive
--
GNU M4 source repository



