diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2014-11-27 23:40:19 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-11-27 23:40:19 +0000 |
commit | d12c35edfd44311ebd716c807ea9f72efa660337 (patch) | |
tree | 25bf441b641c3c291192faed5b50e573572513d4 | |
parent | e60121aa36205c920bf51da52a8b1ca357beb594 (diff) | |
download | mandoc-d12c35edfd44311ebd716c807ea9f72efa660337.tar.gz |
Downgrade .Bd -file from FATAL to ERROR.
Since this was the last remaining FATAL error in this area,
this change will allow major simplifications in the mdoc(7) parser.
-rw-r--r-- | mandoc.1 | 22 | ||||
-rw-r--r-- | mandoc.h | 2 | ||||
-rw-r--r-- | mdoc_validate.c | 2 | ||||
-rw-r--r-- | read.c | 2 |
4 files changed, 14 insertions, 14 deletions
@@ -1396,6 +1396,17 @@ The indicated request or macro has too few or too many arguments. The syntax tree will contain the wrong number of arguments as given. Formatting behaviour depends on the specific request or macro in question. Note that the same message may also occur as a WARNING, see above. +.It Sy "NOT IMPLEMENTED: Bd -file" +.Pq mdoc +For security reasons, the +.Ic \&Bd +macro does not support the +.Fl file +argument. +By requesting the inclusion of a sensitive file, a malicious document +might otherwise trick a privileged user into inadvertently displaying +the file on the screen, revealing the file content to bystanders. +The argument is ignored including the file name following it. .It Sy "missing list type, using -item" .Pq mdoc A @@ -1484,17 +1495,6 @@ cannot handle input files larger than its arbitrary size limit of 2^31 bytes (2 Gigabytes). Since useful manuals are always small, this is not a problem in practice. Parsing is aborted as soon as the condition is detected. -.It Sy "NOT IMPLEMENTED: Bd -file" -.Pq mdoc -For security reasons, the -.Ic \&Bd -macro does not support the -.Fl file -argument. -By requesting the inclusion of a sensitive file, a malicious document -might otherwise trick a privileged user into inadvertently displaying -the file on the screen, revealing the file content to bystanders. -The parser exits immediately. .It Sy "NOT IMPLEMENTED: .so with absolute path or \(dq..\(dq" .Pq roff For security reasons, @@ -159,6 +159,7 @@ enum mandocerr { /* related to request and macro arguments */ MANDOCERR_NAMESC, /* escaped character not allowed in a name: name */ MANDOCERR_ARGCOUNT, /* argument count wrong */ + MANDOCERR_BD_FILE, /* NOT IMPLEMENTED: Bd -file */ MANDOCERR_BL_NOTYPE, /* missing list type, using -item: Bl */ MANDOCERR_NM_NONAME, /* missing manual name, using "": Nm */ MANDOCERR_OS_UNAME, /* uname(3) system call failed, using UNKNOWN */ @@ -171,7 +172,6 @@ enum mandocerr { MANDOCERR_FATAL, /* ===== start of fatal errors ===== */ MANDOCERR_TOOLARGE, /* input too large */ - MANDOCERR_BD_FILE, /* NOT IMPLEMENTED: Bd -file */ MANDOCERR_SO_PATH, /* NOT IMPLEMENTED: .so with absolute path or ".." */ MANDOCERR_SO_FAIL, /* .so request failed */ diff --git a/mdoc_validate.c b/mdoc_validate.c index e5849068..68a2e6ea 100644 --- a/mdoc_validate.c +++ b/mdoc_validate.c @@ -761,7 +761,7 @@ pre_bd(PRE_ARGS) case MDOC_File: mandoc_msg(MANDOCERR_BD_FILE, mdoc->parse, n->line, n->pos, NULL); - return(0); + break; case MDOC_Offset: if (0 == argv->sz) { mandoc_msg(MANDOCERR_ARG_EMPTY, @@ -202,6 +202,7 @@ static const char * const mandocerrs[MANDOCERR_MAX] = { /* related to request and macro arguments */ "escaped character not allowed in a name", "argument count wrong", + "NOT IMPLEMENTED: Bd -file", "missing list type, using -item", "missing manual name, using \"\"", "uname(3) system call failed, using UNKNOWN", @@ -214,7 +215,6 @@ static const char * const mandocerrs[MANDOCERR_MAX] = { "generic fatal error", "input too large", - "NOT IMPLEMENTED: Bd -file", "NOT IMPLEMENTED: .so with absolute path or \"..\"", ".so request failed", |