Merge pull request #161 from PenTesting/patch-1

Regex hardening to fix CVE-2018-12356.
This commit is contained in:
Alex Grin 2018-06-18 12:31:03 -04:00 committed by GitHub
commit 047abede75
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -26,7 +26,7 @@ if ! $VALID; then
exit 1 exit 1
fi fi
if $VALID && $REVSIG; then if $VALID && $REVSIG; then
echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null echo "$INPUT" | gpg --trust-model always "$@" | grep "^\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
echo "$GOODREVSIG" echo "$GOODREVSIG"
else else
echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null