| Age | Commit message (Collapse) | Author |
|---|
|
|
|
entry from the help file; from piotr durlej
while here, zap an unneccessary blank line
ok millert
|
|
|
|
aka the "Input Preprocessor": it's been a source for multiple
security bugs in the past as everything has to deal with handling
arbitrary filenames and generally resulted in multiple TOCTOU issues.
The base system never included a default LESSOPEN setting like some
Linux distributions did, but it's a suds-filled sink full of knives
to try to use safely.
ok tb@ deraadt@ millert@
|
|
Newlines in a filename can lead to arbitrary code execution
https://marc.info/?l=oss-security&m=171292433330233&w=2
via LESSOPEN. The diff is a straightforward adaptation of
https://github.com/gwsw/less/commit/007521ac3c95bc76
The better fix is deleting the misfeatures that are LESSOPEN
and LESSCLOSE which will happen in a separate commit.
diff looks good to guenther
|
|
amendments to his diff are noted on tech
|
|
Files with very long lines on machines with tight memory restrictions
can provoke a failing realloc in expand_linebuf. This error condition
was improperly handled, which could lead to a user after free bug by
using the already freed linebuf variable again.
with input by and okay guenther@
|
|
from Richard Ulmer <... rulmer at mailbox dot org>
|
|
ok deraadt schwarze
|
|
correctness, clarity, readability, and markup conventions.
Triggered by Richard Ulmer <... rulmer at mailbox dot org> wondering
whether the list of actions is complete and pointing out that
the "shell" action no longer exists (it was removed quite some time
ago for security reasons).
OK jmc@
|
|
OK deraadt
|
|
- Switch http to https for upstream URL
- Fix buffer sizes and lesskey parser functions
- Fix integer overflow in bracket match function
- Fix prompt hiding feature (CTRL + P)
ok deraadt, millert
|
|
Upstream removed history file support for secure mode. The history file
feature is off by default already, disallowing it altogether in secure
mode allows us to drop wpath.
Added a note about it to manual page.
ok benno, deraadt
|
|
Delete ugly and incorrect workaround for a Linux kernel bug.
If a file is temporarily empty, that by no means implies
it might be permanently non-seekable.
Patch from seL4 at disroot dot org on tech@.
OK both Theos: tb@ and deraadt@
|
|
|
|
a volatile sig_atomic_t variable, and then processing events in the mainloop.
But only one variable was used for 3 signals, with |= bit operations which
are signal interruptable! Rewrite the code to use 3 independent variables
and cleanup how the mainloop observes indications.
ok schwarze
|
|
ligatures: it was incomplete (only for the Arabic script and only
for the single ligature LAM WITH ALEF) and it was implemented in a
way that is unsustainable (with a static table inside less).
If we ever want ligature support, we are better off making a fresh
start. However, for languages like Arabic and Persian, even that
wouldn't really be useful without having bidirectional support first.
OK millert@
(and also considering comments from Mohammadreza Abdollahzadeh,
Evan Silberman, and benno@)
|
|
decoding a UTF-8 multibyte character to the left of a given byte -
is already needed at three places in line.c and will also be needed
for cleanup work in cmdbuf.c in the future.
OK millert@
|
|
- history trim
- sundry
diff from evan silberman;
tweaked/ok by schwarze and deraadt
|
|
problem reported by George Brown <321 dot george at gmail dot com> on tech@.
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
(very sloppy specification) leaves an undefined value in *ret, so it is
wrong to inspect it, the error condition is enough.
discussed a little with nicm, and then much more with millert until we
were exasperated
|
|
Most of these are correct just as '. A few benefit from Ql or \(aq.
But if in doubt, just use '.
|
|
|
|
and get_wchar() static for now - until they can be deleted
|
|
with the standard isascii(3)
|
|
This also allows to delete the buggy, now unused function put_wchar().
OK millert@
|
|
This function is only ever called with constant ASCII string arguments,
so actually it doesn't need any UTF-8 handling whatsoever.
OK millert@
|
|
|
|
Use the standard functions mbtowc(3), wcwidth(3), iscntrl(3) instead
of bad functions like get_wchar(), utf_len(), is_wide_char(),
is_composing_char(), is_combining_char(), control_char().
If only half of a double-width character is shifted off screen, do not
inspect anything following it because that clearly remains on-screen.
Improve and add comments.
OK millert@
|
|
|
|
Employ the usual form of an mbtowc(3) loop, eliminating two calls
to the bad function step_char() and reducing the number of nested
loops by one. This also removes the last caller of the bad function
binary_char(), which is consequently deleted.
While here, count ASCII C0 non-whitespace control characters as
binary (except backspace and, with -R only, escape).
OK millert@
|
|
Use the standard function mbrtowc(3) to distinguish valid, incomplete,
and invalid multibyte characters, getting rid of five calls to functions
and macros that we want to phase out, and of one goto. Add comments.
OK millert@.
|
|
When looking for uppercase characters, iterate over multibyte
characters with the standard function mbtowc(3) rather than with
the buggy and outdated step_char(), skipping invalid bytes,
and correctly use iswupper(3) instead of the inapplicable isupper(3).
OK stsp@
|
|
* get_wchar() -> mbtowc(3)
* is_composing_char() || is_combining_char() -> wcwidth(3)
* control_char() -> !isprint(3)
* is_ubin_char() -> !iswprint(3)
OK millert@
|
|
Use wchar_t instead of LWCHAR and mbtowc(3) instead of step_char().
Play it safe and handle all error cases, even in the arguably unlikely
case that linebuf[] contains UTF-8 encoding errors.
Reset mbtowc(3) internal state after failure for portability,
also in one place where mbtowc(3) was already introduced earlier.
OK nicm@
|
|
tweak and OK millert@
|
|
a call to the flawed function step_char(-1), using the standard
function mbtowc(3) instead.
Merge in in_ansi_esc_seq(), simplifying the code, and make the
related functions is_ansi_end() and is_ascii_char() static because
they are used in line.c only.
OK nicm@, and no opposition when shown on tech@
|
|
for ANSI escape sequences introduced by an 8-bit CSI (e.g. "\23343m")
because these are neither compatible with UTF-8 nor strictly
compatible with pure ASCII and for those introduced by an UTF-8 CSI
(e.g. "\302\23343m") because not even xterm(1) supports them at
all, not even with a non-default configuration, because both forms
are very rarely used, if at all, and because the current code trying
to support them doesn't even appear to work according to my tests.
Full support for the ESC-[ CSI (e.g. "\033[43m") remains.
Tweaks and OK millert@, OK nicm@,
and sthen@ agrees with the general direction.
|
|
the standard function wcwidth(3) instead of several hand-rolled
functions accessing outdated local character tables, making this
part of the code conform to our in-tree Unicode 10.
Of course, with the current hand-rolled (and buggy) UTF-8 parser
contained in less(1), this only works if wchar_t stores UCS-4 values
and is more than 31 bits wide, but both will always be true on
OpenBSD, and ultmately, we shall switch to mbtowc(3) for parsing
anyway, lifting these restrictuons.
The existence of the outdated character tables was originally
called out by Evan Silberman on bugs@.
OK stsp@
|
|
ok deraadt@
|
|
As guenther@ said "STOP SPLITTING ANYTHING BUT $LESS ON '$' !".
anton@ came up with the same diff. ok nicm@
|
|
As guenther@ said "fix whatever led to the \337 x 16 crap".
anton@ came up with the same diff. ok nicm@
|
|
from Scott Cheloha who's pushing this upstream. ok tb@
|
|
Based on a smaller diff from Jesper Wallin <jesper at ifconfig dot se>.
OK deraadt@
|
|
bounds prior calling regexec(). In this inverted scenario a match is found when
regexec() returns false causing the bounds to not be updated. This is
problematic since the bounds will then refer to a previous match and future
pointer arithmetic will eventually be off which is manifested in a SIGSEGV.
Issue reported by Larry Hynes on tech@
ok martijn@ tb@
|
|
the default.
okay millert@
|
|
From Anton Lindqvist. OK tobias@ nicm@
|
|
characters and top-bit-set nonprintable characters (so both iscntrl()
and !isprint()), fixes behaviour broken in r1.15/r1.16, noticed by
deraadt@.
ok deraadt tedu
|
|
ok millert and nicm a while ago
|
