[git commit] hush: protect against self-modifying trap code

Denys Vlasenko vda.linux at googlemail.com
Tue Jan 30 03:29:03 UTC 2018


commit: https://git.busybox.net/busybox/commit/?id=749575d3c52c32f57f46f2cbb2942a2204d333ee
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
check_and_run_traps                                  211     236     +25

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 shell/hush.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/shell/hush.c b/shell/hush.c
index ddf377355..585c51bd5 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -2004,10 +2004,12 @@ static int check_and_run_traps(void)
 				smalluint save_rcode;
 				char *argv[3];
 				/* argv[0] is unused */
-				argv[1] = G_traps[sig];
+				argv[1] = xstrdup(G_traps[sig]);
+				/* why strdup? trap can modify itself: trap 'trap "echo oops" INT' INT */
 				argv[2] = NULL;
 				save_rcode = G.last_exitcode;
 				builtin_eval(argv);
+				free(argv[1]);
 //FIXME: shouldn't it be set to 128 + sig instead?
 				G.last_exitcode = save_rcode;
 				last_sig = sig;


More information about the busybox-cvs mailing list