aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Landley <rob@landley.net>2015-09-02 19:29:51 -0500
committerRob Landley <rob@landley.net>2015-09-02 19:29:51 -0500
commit6ff12f703214bee5cb92ba0c851969dffc6c29cd (patch)
tree91c01fe3bdba46f481b2ce946880b82544d08e1c
parent54524ccbf83feb842271cf08349d9626b753f20f (diff)
downloadtoybox-6ff12f703214bee5cb92ba0c851969dffc6c29cd.tar.gz
Sanitize seq -f string.
-rw-r--r--toys/lsb/seq.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/toys/lsb/seq.c b/toys/lsb/seq.c
index bf5cab1c..8e7d2783 100644
--- a/toys/lsb/seq.c
+++ b/toys/lsb/seq.c
@@ -29,6 +29,26 @@ GLOBALS(
char *fmt;
)
+// Ensure there's one %f escape with correct attributes
+static void insanitize(char *f)
+{
+ char *s;
+ int found = 0;
+
+ for (s = f; *s; s++) {
+ while (*s != '%') continue;
+ if (*++s == '%') continue;
+ if (found++) break;
+ while (strchr("'#-+ ", *s)) s++;
+ while (isdigit(*s)) s++;
+ if (*s == '.') s++;
+ while (isdigit(*s)) s++;
+ if (!strchr("aAeEfFgG", *s)) break;
+ }
+ // The @ is a byte offset, not utf8 chars. Waiting for somebody to complain...
+ if (*s) error_exit("bad -f '%s@'%d");
+}
+
void seq_main(void)
{
double first, increment, last, dd;
@@ -45,7 +65,7 @@ void seq_main(void)
default: last = atof(toys.optargs[toys.optc-1]);
}
- if (toys.optflags & FLAG_f) fmt_str = TT.fmt;
+ if (toys.optflags & FLAG_f) insanitize(fmt_str = TT.fmt);
if (toys.optflags & FLAG_s) sep_str = TT.sep;
// Yes, we're looping on a double. Yes rounding errors can accumulate if