From: ian <ian>
Date: Sat, 30 Jan 1999 23:37:45 +0000 (+0000)
Subject: Fix quoted strings.  Oops.
X-Git-Tag: debian_version_0_60_2
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=commitdiff_plain;h=7bc3c582a0a80d34d2c9c86ed9a588b3983e0db1

Fix quoted strings.  Oops.
---

diff --git a/client.c b/client.c
index 4987073..243a333 100644
--- a/client.c
+++ b/client.c
@@ -372,7 +372,6 @@ static void sighandler_chld(int ignored) /* DOES return, unlike in daemon */ {
     if (child == 0 || (child == -1 && errno == ECHILD)) break;
     if (child == -1) syscallerror("wait for child process (in sigchld handler)");
     for (fd=0; fd<fdsetupsize && fdsetup[fd].catpid != child; fd++);
-fprintf(stderr,"chld found pid=%ld fd=%d setupsize=%d\n",(long)child,fd,fdsetupsize);
     if (fd>=fdsetupsize) continue; /* perhaps the caller gave us children */
     if ((WIFEXITED(status) && WEXITSTATUS(status)==0) ||
 	(WIFSIGNALED(status) && WTERMSIG(status)==SIGPIPE) ||
diff --git a/debian/changelog b/debian/changelog
index 5e85e9e..d029120 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-userv (0.60.1) frozen unstable; urgency=high
+userv (0.60.2) frozen unstable; urgency=high
 
   * Fixed failure to save pathnames in a couple of places in parser.c.
     Without this, include-directory would often try to open a garbage
@@ -6,10 +6,7 @@ userv (0.60.1) frozen unstable; urgency=high
     user-owned config files were included from sysadmin-defined files,
     and the sysadmin wants to control how a user provides services.
 
-  * Fix failure to terminate string properly in parser.c, which would usually
-    cause "-quoted strings to be mishandled.  (This is not thought to
-    be security-critical, and the bug can be avoided by not using
-    "-quoted strings in configuration files.)
+  * Fix "-quoted strings, which previously never worked at all.
 
   * Fixed spurious failure with `Interrupted system call' on systems
     where fread can fail due to read giving EINTR (blech!)
@@ -36,7 +33,7 @@ userv (0.60.1) frozen unstable; urgency=high
 
   * Debian package description mentions use by system admin.
 
- -- 
+ -- Ian Jackson <ian@davenant.greenend.org.uk>  Sat, 30 Jan 1999 23:38:17 +0000
 
 
 *** Main changelog file included here - see far down this file for the
diff --git a/debian/rules b/debian/rules
index 465d2a7..f58644d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,14 +1,12 @@
 #!/usr/bin/make -f
 
 package=userv
-revision=$(shell dpkg-parsechangelog | sed -n 's/^Version:.*-//p')
-verext=-$(revision)deb
 
 build:
 	$(checkdir)
 	./configure --prefix=/usr
-	$(MAKE) VEREXT=$(verext)
-	$(MAKE) spec.html VEREXT=$(verext)
+	$(MAKE)
+	$(MAKE) spec.html
 	touch build
 
 clean:
@@ -35,7 +33,6 @@ binary-arch:	checkroot build
 	chmod +x debian/tmp/DEBIAN/{postinst,prerm,postrm}
 	chmod +x debian/tmp/etc/init.d/userv
 	$(MAKE) LDFLAGS=-s INSTALL_PROGRAM='install -c -s' \
-		VEREXT=$(verext) \
 		prefix=debian/tmp/usr etcdir=debian/tmp/etc install
 	cp debian/copyright debian/tmp/usr/doc/$(package)/.
 	cp debian/changelog debian/tmp/usr/doc/$(package)/changelog
diff --git a/lexer.l.m4 b/lexer.l.m4
index 0b7e705..5aaeff0 100644
--- a/lexer.l.m4
+++ b/lexer.l.m4
@@ -178,14 +178,14 @@ changequote({*,*})
 			  parseerrprint("missing newline at eof after comment");
 			  return tokv_error;
 			}
-[^\ \t\n]+		return tokv_barestring;
-\"([^\\\"\n]|\\[a-z]|\\[0-9]{3}|\\x[0-9A-Fa-f]{2}|\\[:punct:]|\\[ \t]*\n)*\" {
+\"([^\\\"\n]|\\[a-z]|\\[0-9]{3}|\\x[0-9A-Fa-f]{2}|\\[[:punct:]]|\\[ \t]*\n)*\" {
 			  return dequote(yytext);
 			}
 \".*    		{
 			  parseerrprint("misquoted or unterminated string");
 			  return tokv_error;
 			}
+[^\ \t\n]+		return tokv_barestring;
 <<EOF>>		        return tokv_eof;
 *}
 changequote(`,')
diff --git a/parser.c b/parser.c
index aa11d8e..ad0829d 100644
--- a/parser.c
+++ b/parser.c
@@ -139,7 +139,7 @@ static void freecharparray(char **array) {
 static int dequote(char *inplace) {
   char *p, *q, buf[4], *bep;
   int v;
-  
+
   p=q=inplace;
   assert(*p++ = '"');
   while (*p && *p != '"') {
@@ -149,21 +149,32 @@ static int dequote(char *inplace) {
     case 'r': *q++= '\r'; continue;
     case 't': *q++= '\t'; continue;
     case 'x':
-      assert(buf[0]= *++p); assert(buf[1]= *++p); buf[2]= 0;
-      v= strtoul(buf,&bep,16); assert(bep == buf+2);
-      assert(!(v & ~0xff)); *q++= v; p++; continue;
+      p++;
+      if (!((buf[0]= *p++) && (buf[1]= *p++))) {
+	parseerrprint("quoted string ends inside \\x<hex> sequence");
+	return tokv_error;
+      }
+      buf[2]= 0;
+      v= strtoul(buf,&bep,16);
+      if (bep != buf+2) {
+	parseerrprint("invalid \\<hex> sequence \\x%s in quoted string",buf);
+	return tokv_error;
+      }
+      assert(!(v & ~0xff));
+      *q++= v;
+      continue;
     default:
       if (isalpha(*p)) {
         parseerrprint("unknown \\<letter> sequence \\%c in quoted string",*p);
         return tokv_error;
       } else if (isdigit(*p)) {
-        assert(buf[0]= *++p); assert(buf[1]= *++p); assert(buf[2]= *++p);
+        if (!((buf[0]= *p++) && (buf[1]= *p++) && (buf[2]= *p++))) abort();
         buf[3]= 0; v= strtoul(buf,&bep,8);
-        if (bep != buf+3 || (v & ~0xff)); {
+        if (bep != buf+3 || (v & ~0xff)) {
           parseerrprint("invalid \\<octal> sequence \\%s in quoted string",buf);
           return tokv_error;
         }
-        *q++= v; p++; continue;
+        *q++= v; continue;
       } else if (ispunct(*p)) {
         *q++= *p++; continue;
       } else {