diff options
| author |   schwarze <schwarze@openbsd.org> | 2019-02-06 20:54:28 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2019-02-06 20:54:28 +0000 |
| commit | 7ad9cfd634d333f179a6b79928f20455946b3a19 (patch) | |
| tree | f7a3be6a0555cde5dd3b6b35ada00679c6029a6c /usr.bin/mandoc/roff.c | |
| parent | adjust style and comments in roff_getname(); no functional change (diff) | |
| download | wireguard-openbsd-7ad9cfd634d333f179a6b79928f20455946b3a19.tar.xz wireguard-openbsd-7ad9cfd634d333f179a6b79928f20455946b3a19.zip | |
Let roff_getname() end the roff identifier at a tab character
and audit all its callers whether termination is handled correctly.
Resulting improvements:
* An escape or tab ending the macro name in a macro invocation
is discarded, and argument processing is started after it.
* An escape or tab ending a name in ".if d" and ".if r" is preserved.
* An escape ending a name in ".ds" causes the whole request to be ignored.
* A tab ending a name in ".ds" becomes part of the string.
* An escape or tab ending a name in ".rm"
causes the rest of the line to be ignored.
* An escape or tab ending the first name in ".als", ".rn", or ".nr"
causes the whole request to be ignored.
Kurt Jaeger <pi at FreeBSD> made me aware of
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235456#c0
and in that bug report, comment 0 item (3) is a special case
of this class of issues.
Yes, the "mh" manual pages are no doubt among the worst on the planet.
Diffstat (limited to 'usr.bin/mandoc/roff.c')
| -rw-r--r-- | usr.bin/mandoc/roff.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c index 4b8198ca9e9..b14aebd8071 100644 --- a/usr.bin/mandoc/roff.c +++ b/usr.bin/mandoc/roff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roff.c,v 1.234 2019/02/06 17:39:57 schwarze Exp $ */ +/* $OpenBSD: roff.c,v 1.235 2019/02/06 20:54:28 schwarze Exp $ */ /* * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010-2015, 2017-2019 Ingo Schwarze <schwarze@openbsd.org> @@ -2535,7 +2535,7 @@ roff_evalcond(struct roff *r, int ln, char *v, int *pos) roff_getstrn(r, name, sz, &deftype); istrue = !!deftype; } - *pos = cp - v; + *pos = (name + sz) - v; return istrue == wanttrue; default: break; @@ -2681,8 +2681,15 @@ roff_ds(ROFF_ARGS) return ROFF_IGN; namesz = roff_getname(r, &string, ln, pos); - if (name[namesz] == '\\') + switch (name[namesz]) { + case '\\': return ROFF_IGN; + case '\t': + string = buf->buf + pos + namesz; + break; + default: + break; + } /* Read past the initial double-quote, if any. */ if (*string == '"') @@ -3058,7 +3065,7 @@ roff_nr(ROFF_ARGS) return ROFF_IGN; keysz = roff_getname(r, &val, ln, pos); - if (key[keysz] == '\\') + if (key[keysz] == '\\' || key[keysz] == '\t') return ROFF_IGN; sign = *val; @@ -3122,7 +3129,7 @@ roff_rm(ROFF_ARGS) namesz = roff_getname(r, &cp, ln, (int)(cp - buf->buf)); roff_setstrn(&r->strtab, name, namesz, NULL, 0, 0); roff_setstrn(&r->rentab, name, namesz, NULL, 0, 0); - if (name[namesz] == '\\') + if (name[namesz] == '\\' || name[namesz] == '\t') break; } return ROFF_IGN; @@ -3457,7 +3464,7 @@ roff_als(ROFF_ARGS) return ROFF_IGN; newsz = roff_getname(r, &oldn, ln, pos); - if (newn[newsz] == '\\' || *oldn == '\0') + if (newn[newsz] == '\\' || newn[newsz] == '\t' || *oldn == '\0') return ROFF_IGN; end = oldn; @@ -3687,7 +3694,7 @@ roff_rn(ROFF_ARGS) return ROFF_IGN; oldsz = roff_getname(r, &newn, ln, pos); - if (oldn[oldsz] == '\\' || *newn == '\0') + if (oldn[oldsz] == '\\' || oldn[oldsz] == '\t' || *newn == '\0') return ROFF_IGN; end = newn; @@ -3881,8 +3888,12 @@ roff_getname(struct roff *r, char **cpp, int ln, int pos) for (cp = name; 1; cp++) { namesz = cp - name; - if (*cp == '\0' || *cp == ' ') + if (*cp == '\0') break; + if (*cp == ' ' || *cp == '\t') { + cp++; + break; + } if (*cp != '\\') continue; if (cp[1] == '{' || cp[1] == '}') |