svn commit: trunk/busybox/shell

vda at busybox.net vda at busybox.net
Sat Mar 31 11:08:51 UTC 2007 

Author: vda
Date: 2007-03-31 04:08:50 -0700 (Sat, 31 Mar 2007)
New Revision: 18290

Log:
lash: make -c work; crush buffer overrun and free of non-malloced ptr
(from Mats Erik Andersson <mats.andersson64 at comhem.se>)


Modified:
   trunk/busybox/shell/lash.c


Changeset:
Modified: trunk/busybox/shell/lash.c
===================================================================
--- trunk/busybox/shell/lash.c	2007-03-31 11:07:30 UTC (rev 18289)
+++ trunk/busybox/shell/lash.c	2007-03-31 11:08:50 UTC (rev 18290)
@@ -114,7 +114,7 @@
 /* function prototypes for shell stuff */
 static void checkjobs(struct jobset *job_list);
 static void remove_job(struct jobset *j_list, struct job *job);
-static int get_command(FILE * source, char *command);
+static int get_command_bufsiz(FILE * source, char *command);
 static int parse_command(char **command_ptr, struct job *job, int *inbg);
 static int run_command(struct job *newjob, int inbg, int outpipe[2]);
 static int pseudo_exec(struct child_prog *cmd) ATTRIBUTE_NORETURN;
@@ -649,15 +649,14 @@
 static line_input_t *line_input_state;
 #endif
 
-static int get_command(FILE * source, char *command)
+static int get_command_bufsiz(FILE * source, char *command)
 {
 	const char *prompt_str;
 
 	if (source == NULL) {
 		if (local_pending_command) {
 			/* a command specified (-c option): return it & mark it done */
-			strcpy(command, local_pending_command);
-			free(local_pending_command);
+			strncpy(command, local_pending_command, BUFSIZ);
 			local_pending_command = NULL;
 			return 0;
 		}
@@ -1363,12 +1362,12 @@
 			checkjobs(&job_list);
 
 			if (!next_command) {
-				if (get_command(input, command))
+				if (get_command_bufsiz(input, command))
 					break;
 				next_command = command;
 			}
 
-			if (! expand_arguments(next_command)) {
+			if (!expand_arguments(next_command)) {
 				free(command);
 				command = xzalloc(BUFSIZ);
 				next_command = NULL;
@@ -1455,8 +1454,6 @@
 	if (cwd && cwd != bb_msg_unknown) {
 		free((char*)cwd);
 	}
-	if (local_pending_command)
-		free(local_pending_command);
 
 	if (job_list.fg && !job_list.fg->running_progs) {
 		remove_job(&job_list, job_list.fg);
@@ -1538,7 +1535,7 @@
 
 	opt = getopt32(argc_l, argv_l, "+ic:", &local_pending_command);
 #define LASH_OPT_i (1<<0)
-#define LASH_OPT_c (1<<2)
+#define LASH_OPT_c (1<<1)
 	if (opt & LASH_OPT_c) {
 		input = NULL;
 		optind++;

More information about the busybox-cvs mailing list