From 67ea27918bbc5d0ff497d13da2eab705f3a928e4 Mon Sep 17 00:00:00 2001
From: ian
Date: Sat, 9 Oct 1999 16:12:53 +0000
Subject: [PATCH] Avoid accessing backup, auto-save files, etc, with include-lookup.
---
 debian/changelog | 7 +++++++
 parser.c | 10 ++++++++--
 spec.sgml | 11 ++++++-----
 3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 42b9775..0ee5efe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+userv (0.65.0) unstable; urgency=high
+
+ * Avoid accessing backup, auto-save files, etc, with include-lookup.
+ Everything except a-z 0-9 - _ must now be prefixed by a colon.
+
+ -- Ian Jackson Sat, 9 Oct 1999 17:09:24 +0100
+
 userv (0.64.1) unstable; urgency=low
 
 * New "shutdown" builtin service for terminating uservd.
diff --git a/parser.c b/parser.c
index 5f6ebad..01b770e 100644
--- a/parser.c
+++ b/parser.c
@@ -1089,8 +1089,14 @@ int df_includelookup(int dtoken) {
 } else {
 if (*p=='.') *q++= ':';
 while ((c= *p++)) {
- if (c=='/') { *q++= ':'; c='-'; }
- else if (c==':') { *q++= ':'; }
+ if (c=='/') {
+ *q++= ':';
+ c= '-';
+ } else if (!((c >= '0' && c <= '9') ||
+ (c >= 'a' && c <= 'z') ||
+ c == '-' || c == '_')) {
+ *q++= ':';
+ }
 *q++= c;
 }
 *q++= 0;
diff --git a/spec.sgml b/spec.sgml
index 8328bf3..57329a4 100644
--- a/spec.sgml
+++ b/spec.sgml
@@ -641,11 +641,12 @@ the directory cannot be accessed.
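Review bot: In the parser.c hunk, the retained context line `if (*p=='.') *q++= ':';` now stacks with the new allowlist branch, so a value beginning with a full stop is written as `::.` where the old code wrote `:.`. That disagrees with the spec.sgml wording in this same commit, which describes one colon per non-allowlisted character, and it raises the worst-case output from 2*strlen+1 to 2*strlen+2 bytes including the NUL. The buffer that `q` writes into is allocated outside this hunk, so its size should be checked against the new bound; alternatively the leading-dot line can be dropped, since the loop already escapes '.'. A short comment above the new condition, such as `/* only a-z 0-9 - _ pass unescaped; everything else gets a ':' prefix */`, would record that this is a deliberate allowlist. The body of df_includelookup starts and ends outside the hunk.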

A translation will be applied to values before they are used to -construct a filename, so that the lookup cannot access dotfiles or -files in other directories: values starting with full stops will have -a colon prepended (making :-. A -parameter value which is the empty string will be replaced with +construct a filename, so that the lookup cannot access dotfiles, +backup files, files in other directories and the like: each slash will +be replaced with a colon followed by a hyphen :-, and all +characters which are not lowercase alphanumerics, hyphens or +underscores will have a colon prepended (so that colons are doubled). +A parameter value which is the empty string will be replaced with