Accepting such field names as valid, would make the parsers accept control stanzas that have not been properly sanitized from OpenPGP dash-escaping. Just refuse these field names, as there's really no reason to accept them.
@@ -108,6 +108,7 @@ dpkg (1.17.2) UNRELEASED; urgency=low
then reinstalled as a new version, to get removed again when revisiting
the array in a subsequent package processing. Closes: #726112
* Do not accept empty field names in dpkg.
+ * Do not accept an initial hyphen in field names.
[ Updated programs translations ]
* German (Sven Joachim).
@@ -583,6 +583,9 @@ parse_stanza(struct parsedb_state *ps, struct field_state *fs,
fs->fieldlen = ps->dataptr - fs->fieldstart - 1;
if (fs->fieldlen == 0)
parse_error(ps, _("empty field name"));
+ if (fs->fieldstart[0] == '-')
+ parse_error(ps, _("field name '%.*s' cannot start with hyphen"),
+ fs->fieldlen, fs->fieldstart);
/* Skip spaces before ‘:’. */
while (!parse_EOF(ps) && c != '\n' && isspace(c))
@@ -194,6 +194,9 @@ sub parse {
$paraborder = 0;
if (m/^(\S+?)\s*:\s*(.*)$/) {
$parabody = 1;
+ if ($1 =~ m/^-/) {
+ $self->parse_error($desc, _g('field cannot start with a hyphen'));
+ }
if (exists $self->{$1}) {
unless ($$self->{allow_duplicate}) {
$self->parse_error($desc, _g('duplicate field %s found'), $1);