From 492c8c668f1edb708e49bcafbacb22c58e2877a5 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Fri, 28 Jan 2011 17:40:02 +0100 Subject: Avoid infinite loop in PKGBUILD variable parser (fixes FS#19482). Improves variable substitution in the PKGBUILD parser a bit to avoid infinite replacement loops when a PKGBUILD contains assigments of the form "foo=${foo[@]}bar". Signed-off-by: Lukas Fleischer --- web/html/pkgsubmit.php | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index c39e2f9e..b15da3ff 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -178,16 +178,24 @@ if ($_COOKIE["AURSID"]): # Simple variable replacement $pattern_var = '/\$({?)([_\w]+)(}?)/'; - while (preg_match($pattern_var,$v,$regs)) { - $pieces = explode(" ",$pkgbuild["$regs[2]"],2); - - $pattern = '/\$'.$regs[1].$regs[2].$regs[3].'/'; - if ($regs[2] != $k) { - $replacement = $pieces[0]; - } else { - $replacement = ""; + $offset = 0; + while (preg_match($pattern_var, $v, $regs, PREG_OFFSET_CAPTURE, $offset)) { + $var = $regs[2][0]; + $pos = $regs[0][1]; + $len = strlen($regs[0][0]); + + if (isset($new_pkgbuild[$var])) { + $replacement = explode(" ", $new_pkgbuild[$var], 2); + } + elseif (isset($pkgbuild[$var]) && $var != $k) { + $replacement = explode(" ", $pkgbuild[$var], 2); } - $v=preg_replace($pattern, $replacement, $v); + else { + $replacement = ''; + } + + $v = substr_replace($v, $replacement, $pos, $len); + $offset += strlen($replacement); } $new_pkgbuild[$k] = $v; } -- cgit v1.2.3-24-g4f1b