Do not accept an initial hyphen in field names

Accepting such field names as valid, would make the parsers accept control stanzas that have not been properly sanitized from OpenPGP dash-escaping. Just refuse these field names, as there's really no reason to accept them.
author: Guillem Jover <guillem@debian.org> 2013-09-19 19:28:49 +0200
committer: Guillem Jover <guillem@debian.org> 2013-12-05 04:56:10 +0100
commit: bb53fa0defe392d55ae7b7f49bb28d9e647acb9c (patch)
tree: a8ccb0bcd2a14b06cb7b037d008ad6c79f764659 /scripts/Dpkg/Control/HashCore.pm
parent: eecc61381b687a7ed6af65427e115dd4d2c765b6 (diff)
download: dpkg-bb53fa0defe392d55ae7b7f49bb28d9e647acb9c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/Dpkg/Control/HashCore.pm b/scripts/Dpkg/Control/HashCore.pm
index ffb87c1d7..8a5d6e33d 100644
--- a/scripts/Dpkg/Control/HashCore.pm
+++ b/scripts/Dpkg/Control/HashCore.pm
@@ -194,6 +194,9 @@ sub parse {
 	$paraborder = 0;
 	if (m/^(\S+?)\s*:\s*(.*)$/) {
 	    $parabody = 1;
+	    if ($1 =~ m/^-/) {
+		$self->parse_error($desc, _g('field cannot start with a hyphen'));
+	    }
 	    if (exists $self->{$1}) {
 		unless ($$self->{allow_duplicate}) {
 		    $self->parse_error($desc, _g('duplicate field %s found'), $1);
author	Guillem Jover <guillem@debian.org>	2013-09-19 19:28:49 +0200
committer	Guillem Jover <guillem@debian.org>	2013-12-05 04:56:10 +0100
commit	bb53fa0defe392d55ae7b7f49bb28d9e647acb9c (patch)
tree	a8ccb0bcd2a14b06cb7b037d008ad6c79f764659 /scripts/Dpkg/Control/HashCore.pm
parent	eecc61381b687a7ed6af65427e115dd4d2c765b6 (diff)
download	dpkg-bb53fa0defe392d55ae7b7f49bb28d9e647acb9c.tar.gz