check for disallowed characters in package ids

author Nathan Wagner <nw@hydaspes.if.org>

Sat, 15 Sep 2018 09:48:36 +0000 (09:48 +0000)

committer Nathan Wagner <nw@hydaspes.if.org>

Mon, 17 Sep 2018 12:16:13 +0000 (12:16 +0000)
author Nathan Wagner <nw@hydaspes.if.org>
Sat, 15 Sep 2018 09:48:36 +0000 (09:48 +0000)
committer Nathan Wagner <nw@hydaspes.if.org>
Mon, 17 Sep 2018 12:16:13 +0000 (12:16 +0000)
diff --git a/lib/findpkg.c b/lib/findpkg.c

index dec9283e1201c571282eff2ebec82d9a363c843a..865f407b4f8dc638060c636e3df70da3c7c8003d 100644 (file)
--- a/lib/findpkg.c
+++ b/lib/findpkg.c
@@ -30,6 +30,9 @@ int zpm_parse_package(char *pstr, char *name, char *ver, int *rel) {
  
         /* everything up to the first '-' is in the name */
         while (*pstr) {
+               if (*pstr == '\'' || !isgraph(*pstr)) {
+                       return 0;
+               }
                 if (*pstr == '-' && isdigit(*(pstr+1))) {
                         break;
                 }
@@ -44,6 +47,9 @@ int zpm_parse_package(char *pstr, char *name, char *ver, int *rel) {
                 pstr++;
         }
         while (*pstr && *pstr != '-') {
+               if (*pstr == '\'' || !isgraph(*pstr)) {
+                       return 0;
+               }
                 if (ver) {
                         *ver++ = *pstr;
                 }
author	Nathan Wagner <nw@hydaspes.if.org>
	Sat, 15 Sep 2018 09:48:36 +0000 (09:48 +0000)
committer	Nathan Wagner <nw@hydaspes.if.org>
	Mon, 17 Sep 2018 12:16:13 +0000 (12:16 +0000)