mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-08-06 05:47:13 +02:00
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
From 3e83699ce23400d75c7ddaa7ebfdec015177caa7 Mon Sep 17 00:00:00 2001
|
|
From: Karsten Sperling <ksperling@apple.com>
|
|
Date: Thu, 18 May 2023 16:47:49 +0200
|
|
Subject: [PATCH] ash: use-after-free in bash pattern substitution
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Commit daa66ed6 fixed a number of use-after-free bugs in bash pattern
|
|
substitution, however one "unguarded" STPUTC remained, which is fixed here.
|
|
|
|
function old new delta
|
|
subevalvar 1564 1576 +12
|
|
|
|
Signed-off-by: Karsten Sperling <ksperling@apple.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
|
|
---
|
|
shell/ash.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/shell/ash.c b/shell/ash.c
|
|
index d2c5c5d50..51b627fcc 100644
|
|
--- a/shell/ash.c
|
|
+++ b/shell/ash.c
|
|
@@ -7370,6 +7370,8 @@ subevalvar(char *start, char *str, int strloc,
|
|
char *restart_detect = stackblock();
|
|
if (quotes && *loc == '\\') {
|
|
STPUTC(CTLESC, expdest);
|
|
+ if (stackblock() != restart_detect)
|
|
+ goto restart;
|
|
len++;
|
|
}
|
|
STPUTC(*loc, expdest);
|