From 75f59b16312523ab3deb995c48e8c8ae07586c23 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Mon, 4 May 2020 12:23:50 +0200
Subject: Reinstate * wildcards

Reinstate * wildcards as they are safe to use, but do not allow any
other special characters such as ? or [].

Notably, ? would overlap with patterns, and [] might overlap with
future pattern extensions (alternative bracketing style), it's also
hard to explain.

Closes: #953531
LP: #1872200
---
 apt-pkg/cacheset.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'apt-pkg/cacheset.cc')

diff --git a/apt-pkg/cacheset.cc b/apt-pkg/cacheset.cc
index 288180f16..3967ba980 100644
--- a/apt-pkg/cacheset.cc
+++ b/apt-pkg/cacheset.cc
@@ -189,8 +189,11 @@ bool CacheSetHelper::PackageFromFnmatch(PackageContainerInterface * const pci,
                                        pkgCacheFile &Cache, std::string pattern)
 {
 	static const char * const isfnmatch = ".?*[]!";
-	if (_config->FindB("APT::Cmd::Pattern-Only", false))
-		return false;
+	// Whitelist approach: Anything not in here is not a valid pattern
+	static const char *const isfnmatch_strict = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-.:*";
+
+	if (_config->FindB("APT::Cmd::Pattern-Only", false) && pattern.find_first_not_of(isfnmatch_strict) != std::string::npos)
+	   return false;
 	if (pattern.find_first_of(isfnmatch) == std::string::npos)
 		return false;
 
-- 
cgit v1.2.3