[PATCH 2/2] ash: use alloca to get rid of setjmp
Ron Yorston
rmy at frippery.org
Thu Jul 16 09:49:54 UTC 2015
Rich Felker wrote:
>I suspect it can easily be made to do arbitrary code execution when
>otherwise-safe (e.g. checked against whitelist for special chars)
>strings from untrusted input are expanded inside eval commands.
>
>Any new use of VLA/alloca should be completely banned. It's basically
>always an exploitable bug.
I certainly don't want to be responsible for the next Shellshock.
Following up with a patch to revert the use of alloca. The old code was
ugly but at least it should be safe. I can't see any other way to do it.
I did spot an opportunity to save a few bytes, though, so there's a second
patch to partly make up for the loss of the 66 byte saving in the reverted
patch.
Ron