[PATCH] gpg: Fix regexp sanitization.

Damien Goutte-Gattat dgouttegattat at incenp.org
Tue Jan 17 23:04:45 CET 2017


* g10/trustdb.c (sanitize_regexp): Do not escape normal characters.
--

The current sanitization code escapes ALL characters in the
regular expression, including characters that do not have any
special meaning and only match themselves. Only the dot (.)
is not escaped.

This leads to, e.g., 'example.com' being sanitized into
'\e\x\a\m\p\l\e.\c\o\m', which will then fail to match against
'alice at example.com'.

This patch updates the function to escape only the meaningful
characters (minus the dot).

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 g10/trustdb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/trustdb.c b/g10/trustdb.c
index c113b7e..e5f32da 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1498,7 +1498,7 @@ sanitize_regexp(const char *old)
     {
       if(!escaped && old[start]=='\\')
 	escaped=1;
-      else if(!escaped && old[start]!='.')
+      else if(!escaped && strchr("[]$^()|*+?{}", old[start]))
 	new[idx++]='\\';
       else
 	escaped=0;
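Review bot: The added `strchr("[]$^()|*+?{}", old[start])` test also returns non-NULL when `old[start]` is `'\0'`, because strchr treats the terminating NUL as part of the searched string. The loop bound is not visible in this hunk. If it cannot be shown to stop before the terminator, guard the call as `old[start] && strchr(...)` so a stray backslash is never emitted at the end of the output. A short comment above the character set would also help: it should say that `.` is deliberately left unescaped and that `\` is handled by the branch above, since the set otherwise looks like an incomplete list of metacharacters. A regression test for the `example.com` case from the commit message would pin the behaviour.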
-- 
2.9.0



