
List:       busybox
Subject:    [PATCH] ash: use-after-free in bash pattern substitution (resubmit)
From:       Karsten Sperling <ksperling () apple ! com>
Date:       2023-04-18 3:24:34
Message-ID: 186950C9-64AC-43EA-B038-0097DB70AE08 () apple ! com

Commit daa66ed6 fixed a number of use-after-free bugs in bash pattern substitution; however, one "unguarded" STPUTC remained, which is fixed here.

Signed-off-by: Karsten Sperling <ksperling@apple.com>
---
 shell/ash.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/shell/ash.c b/shell/ash.c
index d2c5c5d50..51b627fcc 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -7370,6 +7370,8 @@ subevalvar(char *start, char *str, int strloc,
                                char *restart_detect = stackblock();
                                if (quotes && *loc == '\\') {
                                        STPUTC(CTLESC, expdest);
+                                       if (stackblock() != restart_detect)
+                                               goto restart;
                                        len++;
                                }
                                STPUTC(*loc, expdest);
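
Review bot: The new check after STPUTC(CTLESC, expdest) carries no comment explaining why stackblock() is compared against restart_detect, and the diffstat shows only shell/ash.c changed, so no regression test accompanies the fix. A one-line comment above the added "if (stackblock() != restart_detect)" saying that STPUTC can grow and move the stack block, which leaves loc pointing into the old block, would keep a later cleanup from dropping the check as redundant. The hunk's context ends at STPUTC(*loc, expdest), so it is also worth confirming that this second STPUTC is followed by the same comparison just past the visible lines; if it is, the two checks could share one comment. A test case with a pattern substitution whose replacement contains a backslash and is long enough to force the stack block to grow would pin the fix down.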
--  2.39.0

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox