From 6ff12f703214bee5cb92ba0c851969dffc6c29cd Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Wed, 2 Sep 2015 19:29:51 -0500
Subject: Sanitize seq -f string.
---
 toys/lsb/seq.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'toys')
diff --git a/toys/lsb/seq.c b/toys/lsb/seq.c
index bf5cab1c..8e7d2783 100644
--- a/toys/lsb/seq.c
+++ b/toys/lsb/seq.c
@@ -29,6 +29,26 @@ GLOBALS(
 char *fmt;
 )
 
+// Ensure there's one %f escape with correct attributes
+static void insanitize(char *f)
+{
+ char *s;
+ int found = 0;
+
+ for (s = f; *s; s++) {
+ while (*s != '%') continue;
+ if (*++s == '%') continue;
+ if (found++) break;
+ while (strchr("'#-+ ", *s)) s++;
+ while (isdigit(*s)) s++;
+ if (*s == '.') s++;
+ while (isdigit(*s)) s++;
+ if (!strchr("aAeEfFgG", *s)) break;
+ }
+ // The @ is a byte offset, not utf8 chars. Waiting for somebody to complain...
+ if (*s) error_exit("bad -f '%s@'%d");
+}
+
 void seq_main(void)
 {
 double first, increment, last, dd;
@@ -45,7 +65,7 @@ void seq_main(void)
 default: last = atof(toys.optargs[toys.optc-1]);
 }
 
- if (toys.optflags & FLAG_f) fmt_str = TT.fmt;
+ if (toys.optflags & FLAG_f) insanitize(fmt_str = TT.fmt);
 if (toys.optflags & FLAG_s) sep_str = TT.sep;
 
 // Yes, we're looping on a double. Yes rounding errors can accumulate if
-- 
cgit v1.2.3
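Review bot: `insanitize()` never returns for a `-f` string whose first byte is not `%`, because `while (*s != '%') continue;` spins without advancing `s`; it should be an `if`. Two more problems sit in the same function: `strchr()` matches the terminating NUL, so a string ending in a bare `%` moves `s` past the end of the buffer and a conversion cut short by the end of the string is accepted, and `error_exit("bad -f '%s@'%d")` names two conversions but passes no arguments, which is the same format/argument mismatch this check is meant to prevent. The rewrite below guards both `strchr()` calls with `*s`, sends every rejection to a single exit so that stopping on the NUL still counts as an error, and passes `f` and the byte offset to `error_exit()`. The `isdigit(*s)` calls would also be safer as `isdigit((unsigned char)*s)`; whether a format with no conversion at all should be rejected is left unchanged here.

```c
static void insanitize(char *f)
{
  // … unchanged: declarations of s and found …
  for (s = f; *s; s++) {
    if (*s != '%') continue;
    if (*++s == '%') continue;
    if (found++) goto bad;
    // strchr() also matches the terminating NUL, so test *s first
    while (*s && strchr("'#-+ ", *s)) s++;
    // … unchanged: width digits, '.', precision digits …
    if (!*s || !strchr("aAeEfFgG", *s)) goto bad;
  }
  return;

bad:
  // The @ is a byte offset, not utf8 chars.
  error_exit("bad -f '%s'@%d", f, (int)(s-f));
}
```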
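Review bot: The assignment hidden inside the call argument in `insanitize(fmt_str = TT.fmt);` makes it easy to overlook that `fmt_str` is set on this line at all; `if (toys.optflags & FLAG_f) { fmt_str = TT.fmt; insanitize(fmt_str); }` says the same thing in plain sight. A short comment such as `// -f is user-supplied and ends up as a printf format: validate before use` would record why the check sits here. The later use of `fmt_str` is outside this hunk, so that wording is inferred from the commit subject and should be confirmed against the rest of `seq_main()`.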