On Tue, May 24, 2022 at 09:58:08AM -0700, "Kevin J. McCarthy" <ke...@8t8.us>
wrote:
> On Fri, May 20, 2022 at 05:56:58PM +1000, raf wrote:
> > +#define SHELL_NON_SPACE_META_CHARACTERS "|&;()<>[]{}$`'~\"\\*?"
> > + if (Sendmail[strcspn(Sendmail, SHELL_NON_SPACE_META_CHARACTERS)] != '\0')
> > + {
> > + mutt_error(_("$sendmail cannot contain shell meta-characters."));
> > + return -1;
> > + }
>
> Also, taking a closer look at the patch.
>
> * strcspn() matches an initial prefix. You might want to use strpbrk()
> instead.
No. It's correct as it is. strcspn() returns the length of the prefix
that consists of characters that are not in the list. The code uses
that length as an index into the string and expects to find the nul
byte, which would indicate that the entire string consists of characters
that are not in the list. If it's not the nul byte, then it's one of
the rejected characters, which indicates that the string contains a
rejected character.
> * stylistically I don't think you should #define something used just once
> right above the usage. If the "why these chars" is unclear, just add a
> comment above the block, but I think in this case the mutt_error() string
> makes it clear what the check is about.
>
> --
> Kevin J. McCarthy
> GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
cheers,
raf
