summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@openbsd.org>2014-11-27 23:40:19 +0000
committerIngo Schwarze <schwarze@openbsd.org>2014-11-27 23:40:19 +0000
commitd12c35edfd44311ebd716c807ea9f72efa660337 (patch)
tree25bf441b641c3c291192faed5b50e573572513d4
parente60121aa36205c920bf51da52a8b1ca357beb594 (diff)
downloadmandoc-d12c35edfd44311ebd716c807ea9f72efa660337.tar.gz
Downgrade .Bd -file from FATAL to ERROR.
Since this was the last remaining FATAL error in this area, this change will allow major simplifications in the mdoc(7) parser.
-rw-r--r--mandoc.122
-rw-r--r--mandoc.h2
-rw-r--r--mdoc_validate.c2
-rw-r--r--read.c2
4 files changed, 14 insertions, 14 deletions
diff --git a/mandoc.1 b/mandoc.1
index fc6eb2d4..e349fcb0 100644
--- a/mandoc.1
+++ b/mandoc.1
@@ -1396,6 +1396,17 @@ The indicated request or macro has too few or too many arguments.
The syntax tree will contain the wrong number of arguments as given.
Formatting behaviour depends on the specific request or macro in question.
Note that the same message may also occur as a WARNING, see above.
+.It Sy "NOT IMPLEMENTED: Bd -file"
+.Pq mdoc
+For security reasons, the
+.Ic \&Bd
+macro does not support the
+.Fl file
+argument.
+By requesting the inclusion of a sensitive file, a malicious document
+might otherwise trick a privileged user into inadvertently displaying
+the file on the screen, revealing the file content to bystanders.
+The argument is ignored including the file name following it.
.It Sy "missing list type, using -item"
.Pq mdoc
A
@@ -1484,17 +1495,6 @@ cannot handle input files larger than its arbitrary size limit
of 2^31 bytes (2 Gigabytes).
Since useful manuals are always small, this is not a problem in practice.
Parsing is aborted as soon as the condition is detected.
-.It Sy "NOT IMPLEMENTED: Bd -file"
-.Pq mdoc
-For security reasons, the
-.Ic \&Bd
-macro does not support the
-.Fl file
-argument.
-By requesting the inclusion of a sensitive file, a malicious document
-might otherwise trick a privileged user into inadvertently displaying
-the file on the screen, revealing the file content to bystanders.
-The parser exits immediately.
.It Sy "NOT IMPLEMENTED: .so with absolute path or \(dq..\(dq"
.Pq roff
For security reasons,
diff --git a/mandoc.h b/mandoc.h
index 0d2eef28..1065eaa9 100644
--- a/mandoc.h
+++ b/mandoc.h
@@ -159,6 +159,7 @@ enum mandocerr {
/* related to request and macro arguments */
MANDOCERR_NAMESC, /* escaped character not allowed in a name: name */
MANDOCERR_ARGCOUNT, /* argument count wrong */
+ MANDOCERR_BD_FILE, /* NOT IMPLEMENTED: Bd -file */
MANDOCERR_BL_NOTYPE, /* missing list type, using -item: Bl */
MANDOCERR_NM_NONAME, /* missing manual name, using "": Nm */
MANDOCERR_OS_UNAME, /* uname(3) system call failed, using UNKNOWN */
@@ -171,7 +172,6 @@ enum mandocerr {
MANDOCERR_FATAL, /* ===== start of fatal errors ===== */
MANDOCERR_TOOLARGE, /* input too large */
- MANDOCERR_BD_FILE, /* NOT IMPLEMENTED: Bd -file */
MANDOCERR_SO_PATH, /* NOT IMPLEMENTED: .so with absolute path or ".." */
MANDOCERR_SO_FAIL, /* .so request failed */
diff --git a/mdoc_validate.c b/mdoc_validate.c
index e5849068..68a2e6ea 100644
--- a/mdoc_validate.c
+++ b/mdoc_validate.c
@@ -761,7 +761,7 @@ pre_bd(PRE_ARGS)
case MDOC_File:
mandoc_msg(MANDOCERR_BD_FILE, mdoc->parse,
n->line, n->pos, NULL);
- return(0);
+ break;
case MDOC_Offset:
if (0 == argv->sz) {
mandoc_msg(MANDOCERR_ARG_EMPTY,
diff --git a/read.c b/read.c
index 9bea86ae..5096ff38 100644
--- a/read.c
+++ b/read.c
@@ -202,6 +202,7 @@ static const char * const mandocerrs[MANDOCERR_MAX] = {
/* related to request and macro arguments */
"escaped character not allowed in a name",
"argument count wrong",
+ "NOT IMPLEMENTED: Bd -file",
"missing list type, using -item",
"missing manual name, using \"\"",
"uname(3) system call failed, using UNKNOWN",
@@ -214,7 +215,6 @@ static const char * const mandocerrs[MANDOCERR_MAX] = {
"generic fatal error",
"input too large",
- "NOT IMPLEMENTED: Bd -file",
"NOT IMPLEMENTED: .so with absolute path or \"..\"",
".so request failed",