Date:      Thu, 18 Dec 2014 20:23:20 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r275918 - head/usr.bin/seq
Message-ID:  <201412182023.sBIKNKvE063380@svn.freebsd.org>

Author: delphij
Date: Thu Dec 18 20:23:19 2014
New Revision: 275918
URL: https://svnweb.freebsd.org/changeset/base/275918

Log:
  Sync with NetBSD, mainly address NetBSD bug #43355:
  
  Fix valid_format() to be more careful about allowing only valid
  printf formats.
  
  Obtained from:	NetBSD
  MFC after:	2 weeks

Modified:
  head/usr.bin/seq/seq.1
  head/usr.bin/seq/seq.c

Modified: head/usr.bin/seq/seq.1
==============================================================================
--- head/usr.bin/seq/seq.1	Thu Dec 18 19:33:28 2014	(r275917)
+++ head/usr.bin/seq/seq.1	Thu Dec 18 20:23:19 2014	(r275918)
@@ -1,4 +1,4 @@
-.\"	$NetBSD: seq.1,v 1.6 2008/11/26 15:03:47 ginsbach Exp $
+.\"	$NetBSD: seq.1,v 1.8 2013/04/07 17:37:45 jdf Exp $
 .\"
 .\" Copyright (c) 2005 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd February 19, 2010
+.Dd September 10, 2013
 .Dt SEQ 1
 .Os
 .Sh NAME
@@ -59,7 +59,7 @@ as possible, in increments of
 When
 .Ar first
 is larger than
-.Ar last
+.Ar last ,
 the default
 .Ar incr
 is -1.
@@ -79,8 +79,11 @@ style
 .Ar format
 to print each number.
 Only the
+.Cm A ,
+.Cm a ,
 .Cm E ,
 .Cm e ,
+.Cm F ,
 .Cm f ,
 .Cm G ,
 .Cm g ,

Modified: head/usr.bin/seq/seq.c
==============================================================================
--- head/usr.bin/seq/seq.c	Thu Dec 18 19:33:28 2014	(r275917)
+++ head/usr.bin/seq/seq.c	Thu Dec 18 20:23:19 2014	(r275918)
@@ -1,4 +1,4 @@
-/*	$NetBSD: seq.c,v 1.5 2008/07/21 14:19:26 lukem Exp $	*/
+/*	$NetBSD: seq.c,v 1.7 2010/05/27 08:40:19 dholland Exp $	*/
 /*
  * Copyright (c) 2005 The NetBSD Foundation, Inc.
  * All rights reserved.
@@ -158,6 +158,8 @@ main(int argc, char *argv[])
 		if (!valid_format(fmt))
 			errx(1, "invalid format string: `%s'", fmt);
 		fmt = unescape(fmt);
+		if (!valid_format(fmt))
+			errx(1, "invalid format string");
 		/*
 	         * XXX to be bug for bug compatible with Plan 9 add a
 		 * newline if none found at the end of the format string.
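Review bot: The added second `valid_format(fmt)` call has no comment explaining why the check is repeated, so it reads like a duplicate that a later cleanup could delete. It is the check that matters: unescape() presumably rewrites backslash sequences, so only the post-unescape string is the one that ends up being used as the printf-style format, and the earlier call validates text that is not yet final. I would add `/* re-validate: escape processing may have introduced new '%' conversions */` above the new `if`. The body of main continues outside the hunk, so where `fmt` is finally consumed cannot be confirmed from here.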
@@ -225,39 +227,56 @@ numeric(const char *s)
 static int
 valid_format(const char *fmt)
 {
-	int conversions = 0;
+	unsigned conversions = 0;
 
 	while (*fmt != '\0') {
 		/* scan for conversions */
-		if (*fmt != '\0' && *fmt != '%') {
-			do {
-				fmt++;
-			} while (*fmt != '\0' && *fmt != '%');
+		if (*fmt != '%') {
+			fmt++;
+			continue;
 		}
-		/* scan a conversion */
-		if (*fmt != '\0') {
-			do {
-				fmt++;
+		fmt++;
 
-				/* ok %% */
-				if (*fmt == '%') {
-					fmt++;
-					break;
-				}
-				/* valid conversions */
-				if (strchr("eEfgG", *fmt) &&
-				    conversions++ < 1) {
-					fmt++;
-					break;
-				}
-				/* flags, width and precision */
-				if (isdigit((unsigned char)*fmt) ||
-				    strchr("+- 0#.", *fmt))
-					continue;
+		/* allow %% but not things like %10% */
+		if (*fmt == '%') {
+			fmt++;
+			continue;
+		}
 
-				/* oops! bad conversion format! */
-				return (0);
-			} while (*fmt != '\0');
+		/* flags */
+		while (*fmt != '\0' && strchr("#0- +'", *fmt)) {
+			fmt++;
+		}
+
+		/* field width */
+		while (*fmt != '\0' && strchr("0123456789", *fmt)) {
+			fmt++;
+		}
+
+		/* precision */
+		if (*fmt == '.') {
+			fmt++;
+			while (*fmt != '\0' && strchr("0123456789", *fmt)) {
+				fmt++;
+			}
+		}
+
+		/* conversion */
+		switch (*fmt) {
+		    case 'A':
+		    case 'a':
+		    case 'E':
+		    case 'e':
+		    case 'F':
+		    case 'f':
+		    case 'G':
+		    case 'g':
+			/* floating point formats are accepted */
+			conversions++;
+			break;
+		    default:
+			/* anything else is not */
+			return 0;
 		}
 	}
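Review bot: valid_format() is the only gate between a user-supplied format string and printf-style output, yet the rewritten body has no header comment stating the contract it enforces. From the visible lines it accepts literal text, `%%`, flags from `#0- +'`, decimal width and precision, and one of `aAeEfFgG`, and rejects everything else, which excludes `*`, length modifiers and conversions such as `%n` or `%s`; a comment above the function along the lines of `/* Accept only literal text, %% and floating-point conversions with literal width/precision. */` would keep a later edit from loosening that. `conversions` is only incremented here, so the limit on the number of conversions depends on the return statement, which lies outside the hunk and should be confirmed to still reject more than one. As a style point, `return 0;` in the `default` case departs from the `return (0);` form used by the code it replaces.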
 


