diff options
| author | Rob Landley <rob@landley.net> | 2015-09-02 19:29:51 -0500 |
|---|---|---|
| committer | Rob Landley <rob@landley.net> | 2015-09-02 19:29:51 -0500 |
| commit | 6ff12f703214bee5cb92ba0c851969dffc6c29cd (patch) | |
| tree | 91c01fe3bdba46f481b2ce946880b82544d08e1c | |
| parent | 54524ccbf83feb842271cf08349d9626b753f20f (diff) | |
| download | toybox-6ff12f703214bee5cb92ba0c851969dffc6c29cd.tar.gz | |
Sanitize seq -f string.
| -rw-r--r-- | toys/lsb/seq.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/toys/lsb/seq.c b/toys/lsb/seq.c index bf5cab1c..8e7d2783 100644 --- a/toys/lsb/seq.c +++ b/toys/lsb/seq.c @@ -29,6 +29,26 @@ GLOBALS( char *fmt; ) +// Ensure there's one %f escape with correct attributes +static void insanitize(char *f) +{ + char *s; + int found = 0; + + for (s = f; *s; s++) { + while (*s != '%') continue; + if (*++s == '%') continue; + if (found++) break; + while (strchr("'#-+ ", *s)) s++; + while (isdigit(*s)) s++; + if (*s == '.') s++; + while (isdigit(*s)) s++; + if (!strchr("aAeEfFgG", *s)) break; + } + // The @ is a byte offset, not utf8 chars. Waiting for somebody to complain... + if (*s) error_exit("bad -f '%s@'%d"); +} + void seq_main(void) { double first, increment, last, dd; @@ -45,7 +65,7 @@ void seq_main(void) default: last = atof(toys.optargs[toys.optc-1]); } - if (toys.optflags & FLAG_f) fmt_str = TT.fmt; + if (toys.optflags & FLAG_f) insanitize(fmt_str = TT.fmt); if (toys.optflags & FLAG_s) sep_str = TT.sep; // Yes, we're looping on a double. Yes rounding errors can accumulate if |