- Check for invalid characters before further processing.  Allow only
  alphanumeric characters, "-", "+" and ".".
- Convert "." to "\." before using user input in a sed expression.
- Reject zero-length extension names.
- Quote variables used in echo commands, to avoid unwanted shell
  expansions.

Without these changes, various invalid inputs would be accepted, for
example due to misparsing of "*" and "." characters in regexps and
shell expansions.  Some inputs could also lead to an infinite loop.


diff --git a/gcc/config.gcc b/gcc/config.gcc
index 
c8265cabd6a226ac9049ba59a09441a5b066a2b0..69f43d8dc64c830561cf87d953198c34c6cf53b6
 100644
--- a/gcc/config.gcc
+++ b/gcc/config.gcc
@@ -4323,8 +4323,15 @@ case "${target}" in
                fi
                for which in cpu arch tune; do
                        eval "val=\$with_$which"
-                       base_val=`echo $val | sed -E -e 's/\+.*//'`
-                       ext_val=`echo $val | sed -E -e 's/[a-z0-9.-]+//'`
+                       filtered_val=`echo "$val" | sed -E -e 
's/[-A-Za-z0-9.+]+//'`
+                       if [ x"$filtered_val" != x ]; then
+                         echo "Invalid characters used in --with-$which=$val"
+                         exit 1
+                       fi
+
+                       escaped_val=`echo "$val" | sed -E -e 's/\./\\\./g'`
+                       base_val=`echo "$escaped_val" | sed -E -e 's/\+.*//'`
+                       ext_val=`echo "$escaped_val" | sed -E -e 's/^[^+]*//'`
 
                        if [ $which = arch ]; then
                          def=aarch64-arches.def
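Review bot: The allow-list check at `filtered_val=` is line-oriented and depends on `echo`, so it only shows that each line of `$val` consists of permitted characters. A value containing a newline would likely leave `filtered_val` empty and be accepted, and the same may hold for backslash sequences under a shell whose `echo` expands them. Matching the whole string in the shell removes both the subprocess and the `echo` dependence: `case "$val" in *[!A-Za-z0-9.+-]*) echo "Invalid characters used in --with-$which=$val" 1>&2; exit 1;; esac`. That form also sends the diagnostic to stderr, which the added `echo` does not do, unlike the "Unknown extension" message later in the same loop. The enclosing `for` loop and `case` start and end outside this hunk.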
@@ -4356,20 +4363,19 @@ case "${target}" in
 
                          while [ x"$ext_val" != x ]
                          do
-                               ext_val=`echo $ext_val | sed -E -e 's/\+//'`
-                               ext=`echo $ext_val | sed -E -e 's/\+.*//'`
-                               base_ext=`echo $ext | sed -E -e 's/^no//'`
+                               ext_val=`echo "$ext_val" | sed -E -e 's/\+//'`
+                               ext=`echo "$ext_val" | sed -E -e 's/\+.*//'`
+                               base_ext=`echo "$ext" | sed -E -e 's/^no//'`
                                opt_line=`echo -e "$options_parsed" | \
                                        grep "^\"$base_ext\""`
 
-                               if [ x"$base_ext" = x ] \
-                                   || [ x"$opt_line" != x ]; then
+                               if [ x"$opt_line" != x ]; then
                                  true
                                else
                                  echo "Unknown extension used in 
--with-$which=$val" 1>&2
                                  exit 1
                                fi
-                               ext_val=`echo $ext_val | sed -E -e 
's/[a-z0-9-]+//'`
+                               ext_val=`echo "$ext_val" | sed -E -e 
's/[^+]+//'`
                          done
 
                          true
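Review bot: Rejection of a zero-length extension is now implicit. With `base_ext` empty, the error branch is reached only because the `grep` pattern reduces to `^""` and is expected to match nothing in `$options_parsed`, which is built outside this hunk. An explicit test keeps that guarantee independent of the .def contents and reads more directly than the `then true; else` form: `if [ x"$base_ext" = x ] || [ x"$opt_line" = x ]; then`, followed by the existing error `echo` and `exit 1`. A short comment above `opt_line=` would also help, for example `# $base_ext is used as a regex; safe only because of the character check and "." escaping above`. The enclosing `for` loop starts and ends outside this hunk.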
