From 5eb7533764144cfcf1209d3363588f32e58fcffd Mon Sep 17 00:00:00 2001
From: "K.Kosako"
Date: Thu, 8 Feb 2018 16:12:47 +0900
Subject: [PATCH] restrict characters for callout name
---
 src/regparse.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/regparse.c b/src/regparse.c
index 3c56a64..e36db3d 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -38,6 +38,9 @@
 #define CASE_FOLD_IS_APPLIED_INSIDE_NEGATIVE_CCLASS
+#define IS_ALLOWED_CODE_IN_CALLOUT_NAME(c) \
+ ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' || c == '!')
+
 OnigSyntaxType OnigSyntaxOniguruma = {
 (( SYN_GNU_REGEX_OP | ONIG_SYN_OP_QMARK_NON_GREEDY |
@@ -1380,6 +1383,20 @@ callout_name_entry(UChar* name, UChar* name_end,
 return e->id;
 }
+extern int
+is_allowed_callout_name(UChar* name, UChar* name_end)
+{
+ UChar* p = name;
+
+ while (p < name_end) {
+ OnigCodePoint c = (OnigCodePoint )*p;
+ if (! IS_ALLOWED_CODE_IN_CALLOUT_NAME(c))
+ return 0;
+ p++;
+ }
+
+ return 1;
+}
 extern int
 onig_set_callout_of_name(OnigEncoding enc, UChar* name, UChar* name_end,
@@ -1394,6 +1411,11 @@ onig_set_callout_of_name(OnigEncoding enc, UChar* name, UChar* name_end,
 if (r < 0) return r;
 }
+ if (! is_allowed_callout_name(name, name_end)) {
+ r = ONIGERR_INVALID_CALLOUT_NAME;
+ goto end;
+ }
+
 r = callout_name_entry(name, name_end, callout, retraction_callout);
 if (r < 0) goto end;
@@ -1431,6 +1453,11 @@ onig_get_callout_id_from_name(OnigEncoding enc, UChar* name, UChar* name_end,
 if (r < 0) return r;
 }
+ if (! is_allowed_callout_name(name, name_end)) {
+ r = ONIGERR_INVALID_CALLOUT_NAME;
+ goto end;
+ }
+
 e = callout_name_find(name, name_end);
 if (IS_NULL(e)) {
 r = ONIGERR_UNDEFINED_CALLOUT_NAME;
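Review bot: `IS_ALLOWED_CODE_IN_CALLOUT_NAME(c)` in the first hunk expands its argument up to eight times and never parenthesises it, so an argument with side effects or a lower-precedence operator would be evaluated wrongly. Both uses visible in this patch pass a plain variable named `c`, so it works today, but writing each test as `((c) >= 'A' && (c) <= 'Z')` or turning the macro into a `static` function would make the allow-list safe to reuse. Since this is the single definition of what a valid callout name is, it also deserves a comment such as `/* callout names: [A-Za-z0-9_!] only */`, with a word on why `!` is accepted.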
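Review bot: `is_allowed_callout_name` is given external linkage, yet the diffstat shows only src/regparse.c changing, so no prototype is added and both callers visible in this patch live in the same file; `static int` would keep the helper out of the library's exported symbols. The loop also returns 1 when `name == name_end`, so an empty name passes the allow-list, and whether the callers reject it elsewhere is not visible here. If empty names are not meant to be valid, `if (name >= name_end) return 0;` before the loop closes that. A header comment stating that the scan is byte-wise and expects an ASCII name would help, since neither caller passes `enc` to it.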
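Review bot: The rejection added to `onig_set_callout_of_name` narrows what a public entry point accepts, and nothing in this patch documents it: a name containing a character outside the allow-list now ends in `ONIGERR_INVALID_CALLOUT_NAME` before `callout_name_entry` is reached. A comment above the check such as `/* name must consist of [A-Za-z0-9_!]; checked byte-wise */` would record the contract, and the same applies to the identical check added to `onig_get_callout_id_from_name` in the following hunk. The check ignores `enc`, so it presumably relies on the block that closes just above it (its start is outside the hunk) having already handled encodings that are not ASCII-compatible, which is worth confirming. Both functions continue past their hunks, so the cleanup behind `end:` cannot be checked from here.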
@@ -6100,6 +6127,10 @@ parse_callout_of_name(Node** np, int cterm, UChar** src, UChar* end, ScanEnv* en
 else if (c == cterm || c == ':') break;
 else if (c > 255) return ONIGERR_INVALID_CALLOUT_NAME;
+ else {
+ if (! IS_ALLOWED_CODE_IN_CALLOUT_NAME(c))
+ return ONIGERR_INVALID_CALLOUT_NAME;
+ }
 }
 if (c == ':') {
--
2.40.0
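Review bot: The `c > 255` branch kept just above the added `else` in `parse_callout_of_name` is now redundant, because `IS_ALLOWED_CODE_IN_CALLOUT_NAME` already rejects every code point above `'z'` with the same error. The two branches can collapse into `else if (! IS_ALLOWED_CODE_IN_CALLOUT_NAME(c)) return ONIGERR_INVALID_CALLOUT_NAME;`, which leaves one place that decides validity. The enclosing loop and function start and end outside the hunk, so whether a name of zero length is rejected after the loop is not visible here.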