ed: consistent filename validation

mknos · web-flow · commit 65c4ec8b27b1 · 2025-01-19T22:01:52.000+08:00
* Extend the filename validation from the f command to commands e and r, which also take a filename argument
* Now the code can fail slightly earlier, before open_file_ro() is called
diff --git a/bin/ed b/bin/ed
@@ -601,9 +601,7 @@ sub edFilename {
         return E_ADDREXT;
     }
     if (defined($args[0])) {
-        return E_FNAME if $args[0] =~ m/\A\!/;
-        return E_FNAME if $args[0] =~ m/\/\Z/;
-        return E_FNAME if ($args[0] eq '.' || $args[0] eq '..');
+        return E_FNAME if illegal_file($args[0]);
         $RememberedFilename = $args[0];
     }
     if (defined($RememberedFilename)) {
@@ -615,6 +613,15 @@ sub edFilename {
     return;
 }
 
+sub illegal_file {
+    my $name = shift;
+    return 1 if length($name) == 0;
+    return 1 if $name eq '.' or $name eq '..';
+    return 1 if $name =~ m/\A\!/;
+    return 1 if $name =~ m/\/\Z/;
+    return 0;
+}
+
 #
 # Write requested lines
 #
@@ -694,6 +701,7 @@ sub edRead {
     }
 
     unless ($do_pipe) {
+        return E_FNAME if illegal_file($filename);
         $fh = open_file_ro($filename);
         return E_OPEN unless $fh;
     }
@@ -752,6 +760,7 @@ sub edEdit {
     }
 
     unless ($do_pipe) {
+        return E_FNAME if illegal_file($filename);
         $fh = open_file_ro($filename);
         return E_OPEN unless $fh;
     }

Original file line number	Diff line number	Diff line change
`@@ -601,9 +601,7 @@ sub edFilename {`
`601`	`601`	`return E_ADDREXT;`
`602`	`602`	`}`
`603`	`603`	`if (defined($args[0])) {`
`604`		`- return E_FNAME if $args[0] =~ m/\A\!/;`
`605`		`- return E_FNAME if $args[0] =~ m/\/\Z/;`
`606`		`- return E_FNAME if ($args[0] eq '.' \|\| $args[0] eq '..');`
	`604`	`+ return E_FNAME if illegal_file($args[0]);`
`607`	`605`	`$RememberedFilename = $args[0];`
`608`	`606`	`}`
`609`	`607`	`if (defined($RememberedFilename)) {`
`@@ -615,6 +613,15 @@ sub edFilename {`
`615`	`613`	`return;`
`616`	`614`	`}`
`617`	`615`
	`616`	`+sub illegal_file {`
	`617`	`+ my $name = shift;`
	`618`	`+ return 1 if length($name) == 0;`
	`619`	`+ return 1 if $name eq '.' or $name eq '..';`
	`620`	`+ return 1 if $name =~ m/\A\!/;`
	`621`	`+ return 1 if $name =~ m/\/\Z/;`
	`622`	`+ return 0;`
	`623`	`+}`
	`624`	`+`
`618`	`625`	`#`
`619`	`626`	`# Write requested lines`
`620`	`627`	`#`
`@@ -694,6 +701,7 @@ sub edRead {`
`694`	`701`	`}`
`695`	`702`
`696`	`703`	`unless ($do_pipe) {`
	`704`	`+ return E_FNAME if illegal_file($filename);`
`697`	`705`	`$fh = open_file_ro($filename);`
`698`	`706`	`return E_OPEN unless $fh;`
`699`	`707`	`}`
`@@ -752,6 +760,7 @@ sub edEdit {`
`752`	`760`	`}`
`753`	`761`
`754`	`762`	`unless ($do_pipe) {`
	`763`	`+ return E_FNAME if illegal_file($filename);`
`755`	`764`	`$fh = open_file_ro($filename);`
`756`	`765`	`return E_OPEN unless $fh;`
`757`	`766`	`}`