diff options
author | Karl Williamson <khw@cpan.org> | 2019-12-07 13:47:05 -0700 |
---|---|---|
committer | Karl Williamson <khw@cpan.org> | 2019-12-18 09:33:09 -0700 |
commit | 4aada8b9eda25f3f024283c0c27c1424b5ba40ff (patch) | |
tree | 2c0ded2d593e998be054336ebf9648e4e18877fb /vms | |
parent | fcafb10c71dbfc03eacb02eeb0c567facc269a72 (diff) | |
download | perl-4aada8b9eda25f3f024283c0c27c1424b5ba40ff.tar.gz |
Add memCHRs() macro and use it
This replaces strchr("list", c) calls throughout the core. They don't
work properly when 'c' is a NUL, returning the position of the
terminating NUL in "list" instead of failure. This could lead to
segfaults or even security issues.
Diffstat (limited to 'vms')
-rw-r--r-- | vms/vms.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -523,7 +523,7 @@ copy_expand_unix_filename_escape(char *outspec, const char *inspec, int *output_ /* Don't escape again if following character is * already something we escape. */ - if (strchr(".!#&\'`()+@{},;[]%^=_\\", *(inspec+1))) { + if (memCHRs(".!#&\'`()+@{},;[]%^=_\\", *(inspec+1))) { *outspec = *inspec; *output_cnt = 1; return 1; @@ -8799,7 +8799,7 @@ int_tovmsspec(const char *path, char *rslt, int dir_flag, int * utf8_flag) /* Don't escape again if following character is * already something we escape. */ - if (strchr("\"`!#%^&()=+\'@[]{}:\\|<>_.", *(cp2+1))) { + if (memCHRs("\"`!#%^&()=+\'@[]{}:\\|<>_.", *(cp2+1))) { *(cp1++) = *(cp2++); break; } @@ -9755,7 +9755,7 @@ vms_image_init(int *argcp, char ***argvp) for (cp = av[i]+1; *cp; cp++) { if (*cp == 'T') { will_taint = 1; break; } else if ( (*cp == 'd' || *cp == 'V') && *(cp+1) == ':' || - strchr("DFIiMmx",*cp)) break; + memCHRs("DFIiMmx",*cp)) break; } if (will_taint) break; } |