From: Nathan Wagner <nw@hydaspes.if.org>
Date: Sat, 15 Sep 2018 09:48:36 +0000 (+0000)
Subject: check for disallowed characters in package ids
X-Git-Tag: v0.1.6~34
X-Git-Url: https://pd.if.org/git/?p=zpackage;a=commitdiff_plain;h=67caae5874fda7371cb543e248b1014ae17e14d7

check for disallowed characters in package ids
---

diff --git a/lib/findpkg.c b/lib/findpkg.c
index dec9283..865f407 100644
--- a/lib/findpkg.c
+++ b/lib/findpkg.c
@@ -30,6 +30,9 @@ int zpm_parse_package(char *pstr, char *name, char *ver, int *rel) {
 
 	/* everything up to the first '-' is in the name */
 	while (*pstr) {
+		if (*pstr == '\'' || !isgraph(*pstr)) {
+			return 0;
+		}
 		if (*pstr == '-' && isdigit(*(pstr+1))) {
 			break;
 		}
@@ -44,6 +47,9 @@ int zpm_parse_package(char *pstr, char *name, char *ver, int *rel) {
 		pstr++;
 	}
 	while (*pstr && *pstr != '-') {
+		if (*pstr == '\'' || !isgraph(*pstr)) {
+			return 0;
+		}
 		if (ver) {
 			*ver++ = *pstr;
 		}