Insufficient validation in @define #85

xonixx · Dec 22, 2021 · 6286fac · 6286fac
1 parent 48acb4a
commit 6286fac
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/Makesurefile b/Makesurefile
@@ -153,7 +153,7 @@ function trim(s) { sub(/^[ \t\r\n]+/, "", s); sub(/[ \t\r\n]+$/, "", s); return
 /^BEGIN/                  { in_begin=1 }
 in_begin && /^}/          { in_begin=0 }
 in_begin && $1 ~ /^split/ { next }
-{ if (!/"#"/ && !/\*\#\//) gsub("\\s*#.+$", ""); gsub(Q, Q "\\" Q Q); if (trim($0)) print}' makesure.awk
+{ if (!/"#"/ && !/\*\#\// && !/\*\(\#/) gsub("\\s*#.+$", ""); gsub(Q, Q "\\" Q Q); if (trim($0)) print}' makesure.awk
     echo \'' Makesurefile "$@"'
   } > "$F"
   chmod +x "$F"

diff --git a/makesure_candidate b/makesure_candidate
@@ -116,10 +116,18 @@ function handleDefine() {
   handleDefineLine($0)
 }
 function handleDefineLine(line,   kv) {
+  if (!checkValidDefineSyntax(line))
+    return
   splitKV(line, kv)
   if (!(kv[0] in DefineOverrides))
     DefinesCode = addL(DefinesCode, line "\nexport " kv[0])
 }
+function checkValidDefineSyntax(line) {
+  if (line ~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=(([A-Za-z0-9_]|(\\.))+|('\''[^'\'']*'\'')|("((\\\\)|(\\")|[^"])*")|(\$'\''((\\\\)|(\\'\'')|[^'\''])*'\''))+[ \t]*(#.*)?$/)
+    return 1
+  addError("Invalid define declaration")
+  return 0
+}
 function handleShell() {
   checkPreludeOnly()
   Shell = trim($2)