=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/rcs/rcsparse.c,v retrieving revision 1.8 retrieving revision 1.9 diff -c -r1.8 -r1.9 *** src/usr.bin/rcs/rcsparse.c 2012/02/04 21:22:32 1.8 --- src/usr.bin/rcs/rcsparse.c 2013/06/03 17:04:35 1.9 *************** *** 1,4 **** ! /* $OpenBSD: rcsparse.c,v 1.8 2012/02/04 21:22:32 tobias Exp $ */ /* * Copyright (c) 2010 Tobias Stoeckmann * --- 1,4 ---- ! /* $OpenBSD: rcsparse.c,v 1.9 2013/06/03 17:04:35 jcs Exp $ */ /* * Copyright (c) 2010 Tobias Stoeckmann * *************** *** 106,111 **** --- 106,112 ---- { "branch", RCS_TOK_BRANCH}, { "branches", RCS_TOK_BRANCHES}, { "comment", RCS_TOK_COMMENT}, + { "commitid", RCS_TOK_COMMITID}, { "date", RCS_TOK_DATE}, { "desc", RCS_TOK_DESC}, { "expand", RCS_TOK_EXPAND}, *************** *** 150,155 **** --- 151,157 ---- static int rcsparse_token(RCSFILE *, int); static void rcsparse_warnx(RCSFILE *, char *, ...); static int valid_login(char *); + static int valid_commitid(char *); /* * head [REVISION]; *************** *** 527,533 **** if (rcsparse_token(rfp, RCS_TYPE_COMMITID) != RCS_TYPE_COMMITID) return (1); ! /* XXX - do something with commitid */ return (rcsparse_token(rfp, RCS_TOK_SCOLON) != RCS_TOK_SCOLON); } --- 529,535 ---- if (rcsparse_token(rfp, RCS_TYPE_COMMITID) != RCS_TYPE_COMMITID) return (1); ! pdp->rp_delta->rd_commitid = pdp->rp_value.str; return (rcsparse_token(rfp, RCS_TOK_SCOLON) != RCS_TOK_SCOLON); } *************** *** 988,994 **** switch (allowed) { case RCS_TYPE_COMMITID: ! /* XXX validate commitid */ break; case RCS_TYPE_LOGIN: if (!valid_login(pdp->rp_buf)) { --- 990,1001 ---- switch (allowed) { case RCS_TYPE_COMMITID: ! if (!valid_commitid(pdp->rp_buf)) { ! rcsparse_warnx(rfp, "invalid commitid \"%s\"", ! pdp->rp_buf); ! return (0); ! } ! 
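Review bot: In the commitid handler, `pdp->rp_delta->rd_commitid = pdp->rp_value.str;` overwrites the field without releasing any earlier value. An RCS file that repeats `commitid` inside one delta would therefore leak the previous xstrdup'd copy, unless the parser already rejects duplicate keywords, which is not visible here. Releasing the old pointer first with the file's usual free wrapper makes this safe either way, e.g. `if (pdp->rp_delta->rd_commitid != NULL) free(pdp->rp_delta->rd_commitid);` before the assignment. The delta teardown code is outside this diff, so it is worth confirming that rd_commitid is freed there too. The handler's body starts outside the hunk.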
pdp->rp_value.str = xstrdup(pdp->rp_buf); break; case RCS_TYPE_LOGIN: if (!valid_login(pdp->rp_buf)) { *************** *** 1221,1226 **** --- 1228,1248 ---- } } if ((char *)cp - login_name > _PW_NAME_LEN) + return 0; + return 1; + } + + static int + valid_commitid(char *commitid) + { + unsigned char *cp; + + /* A-Za-z0-9 */ + for (cp = commitid; *cp ; cp++) { + if (!isalnum(*cp)) + return 0; + } + if ((char *)cp - commitid > RCS_COMMITID_MAXLEN) return 0; return 1; }
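Review bot: The warning added in the `RCS_TYPE_COMMITID` case prints `pdp->rp_buf` with `%s` on exactly the path where the token has just failed validation. Bytes taken from an untrusted ,v file, control characters included, then reach the terminal unescaped unless rcsparse_warnx sanitises its arguments (its body is not in this diff). Encoding the token into a bounded buffer with strvis(3) before printing, or leaving the value out of the message, would avoid that. A short comment on the xstrdup line would also help, e.g. `/* ownership of rp_value.str passes to the caller */`. The switch belongs to a function whose start and end are outside the hunk.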
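Review bot: valid_commitid() accepts the empty string, because the loop body never runs and the final test only enforces an upper bound. If the tokenizer can deliver an empty token, a blank commitid is stored as valid. A lower bound closes that: `if (cp == (unsigned char *)commitid || (char *)cp - commitid > RCS_COMMITID_MAXLEN) return 0;`. isalnum() is also locale-dependent, so the `/* A-Za-z0-9 */` comment holds only in the C locale, and whether the program calls setlocale() is not visible here. Finally, `cp = commitid` converts `char *` to `unsigned char *` without a cast and should read `cp = (unsigned char *)commitid`.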