From bf3378829e6debee09473d5e9f1e45d20082ceae Mon Sep 17 00:00:00 2001
From: Kristaps Dzonsons <kristaps@bsd.lv>
Date: Fri, 7 May 2010 05:39:35 +0000
Subject: Protection against running lookup() against quoted words.

---
 Makefile     | 27 ++++++++++++++-------------
 mdoc_macro.c | 41 +++++++++++++++++++++++++----------------
 2 files changed, 39 insertions(+), 29 deletions(-)

diff --git a/Makefile b/Makefile
index 1e188fb0..b67d3123 100644
--- a/Makefile
+++ b/Makefile
@@ -5,9 +5,10 @@ INCLUDEDIR	= $(PREFIX)/include
 LIBDIR		= $(PREFIX)/lib
 MANDIR		= $(PREFIX)/man
 EXAMPLEDIR	= $(PREFIX)/share/examples/mandoc
-INSTALL_PROGRAM	= install -m 0755
-INSTALL_DATA	= install -m 0444
-INSTALL_LIB	= install -m 0644
+INSTALL		?= install
+INSTALL_PROGRAM	= $(INSTALL) -m 0755
+INSTALL_DATA	= $(INSTALL) -m 0444
+INSTALL_LIB	= $(INSTALL) -m 0644
 INSTALL_MAN	= $(INSTALL_DATA)
 
 VERSION	   = 1.9.23
@@ -84,10 +85,10 @@ MANS	   = mandoc.1 mdoc.3 mdoc.7 manuals.7 mandoc_char.7 \
 BINS	   = mandoc
 TESTS	   = test-strlcat.c test-strlcpy.c
 CONFIGS	   = config.h.pre config.h.post
-CLEAN	   = $(BINS) $(LNS) $(LLNS) $(LIBS) $(OBJS) $(HTMLS) \
+DOCLEAN	   = $(BINS) $(LNS) $(LLNS) $(LIBS) $(OBJS) $(HTMLS) \
 	     $(TARGZS) tags $(MD5S) $(XMLS) $(TEXTS) $(GSGMLS) \
 	     $(GHTMLS) config.h config.log
-INSTALL	   = $(SRCS) $(HEADS) Makefile $(MANS) $(SGMLS) $(STATICS) \
+DOINSTALL  = $(SRCS) $(HEADS) Makefile $(MANS) $(SGMLS) $(STATICS) \
 	     $(DATAS) $(XSLS) $(EXAMPLES) $(TESTS) $(CONFIGS)
 
 all:	$(BINS)
@@ -95,7 +96,7 @@ all:	$(BINS)
 lint:	$(LLNS)
 
 clean:
-	rm -f $(CLEAN)
+	rm -f $(DOCLEAN)
 
 cleanlint:
 	rm -f $(LNS) $(LLNS)
@@ -110,11 +111,11 @@ www:	all $(GSGMLS) $(GHTMLS) $(HTMLS) $(TEXTS) $(MD5S) $(TARGZS)
 htmls:	all $(GSGMLS) $(GHTMLS)
 
 installwww: www
-	install -m 0444 $(GHTMLS) $(HTMLS) $(TEXTS) $(STATICS) $(PREFIX)/
-	install -m 0444 mdocml-$(VERSION).tar.gz $(PREFIX)/snapshots/
-	install -m 0444 mdocml-$(VERSION).md5 $(PREFIX)/snapshots/
-	install -m 0444 mdocml-$(VERSION).tar.gz $(PREFIX)/snapshots/mdocml.tar.gz
-	install -m 0444 mdocml-$(VERSION).md5 $(PREFIX)/snapshots/mdocml.md5
+	$(INSTALL_DATA) $(GHTMLS) $(HTMLS) $(TEXTS) $(STATICS) $(PREFIX)/
+	$(INSTALL_DATA) mdocml-$(VERSION).tar.gz $(PREFIX)/snapshots/
+	$(INSTALL_DATA) mdocml-$(VERSION).md5 $(PREFIX)/snapshots/
+	$(INSTALL_DATA) mdocml-$(VERSION).tar.gz $(PREFIX)/snapshots/mdocml.tar.gz
+	$(INSTALL_DATA) mdocml-$(VERSION).md5 $(PREFIX)/snapshots/mdocml.md5
 
 install:
 	mkdir -p $(BINDIR)
@@ -205,9 +206,9 @@ ChangeLog.txt:
 ChangeLog.html: ChangeLog.xml ChangeLog.xsl
 	xsltproc -o $@ ChangeLog.xsl ChangeLog.xml
 
-mdocml-$(VERSION).tar.gz: $(INSTALL)
+mdocml-$(VERSION).tar.gz: $(DOINSTALL)
 	mkdir -p .dist/mdocml/mdocml-$(VERSION)/
-	cp -f $(INSTALL) .dist/mdocml/mdocml-$(VERSION)/
+	cp -f $(DOINSTALL) .dist/mdocml/mdocml-$(VERSION)/
 	( cd .dist/mdocml/ && tar zcf ../../$@ mdocml-$(VERSION)/ )
 	rm -rf .dist/
 
diff --git a/mdoc_macro.c b/mdoc_macro.c
index 0652af14..b88143c7 100644
--- a/mdoc_macro.c
+++ b/mdoc_macro.c
@@ -702,19 +702,22 @@ blk_exp_close(MACRO_PROT_ARGS)
 		if (ARGS_EOLN == ac)
 			break;
 
-		if (MDOC_MAX != (ntok = lookup(tok, p))) {
-			if ( ! flushed) {
-				if ( ! rew_sub(MDOC_BLOCK, m, tok, line, ppos))
-					return(0);
-				flushed = 1;
-			}
-			if ( ! mdoc_macro(m, ntok, line, lastarg, pos, buf))
+		ntok = ARGS_QWORD == ac ? MDOC_MAX : lookup(tok, p);
+
+		if (MDOC_MAX == ntok) {
+			if ( ! mdoc_word_alloc(m, line, lastarg, p))
 				return(0);
-			break;
-		} 
+			continue;
+		}
 
-		if ( ! mdoc_word_alloc(m, line, lastarg, p))
+		if ( ! flushed) {
+			if ( ! rew_sub(MDOC_BLOCK, m, tok, line, ppos))
+				return(0);
+			flushed = 1;
+		}
+		if ( ! mdoc_macro(m, ntok, line, lastarg, pos, buf))
 			return(0);
+		break;
 	}
 
 	if ( ! flushed && ! rew_sub(MDOC_BLOCK, m, tok, line, ppos))
@@ -787,8 +790,6 @@ in_line(MACRO_PROT_ARGS)
 		if (ARGS_PUNCT == ac)
 			break;
 
-		/* Quoted words shouldn't be looked-up. */
-
 		ntok = ARGS_QWORD == ac ? MDOC_MAX : lookup(tok, p);
 
 		/* 
@@ -985,7 +986,9 @@ blk_full(MACRO_PROT_ARGS)
 			continue;
 		}
 
-		if (MDOC_MAX == (ntok = lookup(tok, p))) {
+		ntok = ARGS_QWORD == ac ? MDOC_MAX : lookup(tok, p);
+
+		if (MDOC_MAX == ntok) {
 			if ( ! mdoc_word_alloc(m, line, la, p))
 				return(0);
 			continue;
@@ -1101,7 +1104,9 @@ blk_part_imp(MACRO_PROT_ARGS)
 			body = m->last;
 		}
 
-		if (MDOC_MAX == (ntok = lookup(tok, p))) {
+		ntok = ARGS_QWORD == ac ? MDOC_MAX : lookup(tok, p);
+
+		if (MDOC_MAX == ntok) {
 			if ( ! mdoc_word_alloc(m, line, la, p))
 				return(0);
 			continue;
@@ -1223,7 +1228,9 @@ blk_part_exp(MACRO_PROT_ARGS)
 
 		assert(NULL != head && NULL != body);
 
-		if (MDOC_MAX == (ntok = lookup(tok, p))) {
+		ntok = ARGS_QWORD == ac ? MDOC_MAX : lookup(tok, p);
+
+		if (MDOC_MAX == ntok) {
 			if ( ! mdoc_word_alloc(m, line, la, p))
 				return(0);
 			continue;
@@ -1339,7 +1346,9 @@ in_line_argn(MACRO_PROT_ARGS)
 			flushed = 1;
 		}
 
-		if (MDOC_MAX != (ntok = lookup(tok, p))) {
+		ntok = ARGS_QWORD == ac ? MDOC_MAX : lookup(tok, p);
+
+		if (MDOC_MAX != ntok) {
 			if ( ! flushed && ! rew_elem(m, tok))
 				return(0);
 			flushed = 1;
-- 
cgit