[PATCH] ash: use-after-free in bash pattern substitution (resubmit)
Karsten Sperling
ksperling at apple.com
Mon May 15 05:25:17 UTC 2023
Hi, just bumping this thread one last time.
Please let me know if there is some contribution guideline I’m not following correctly, or if there is some other reason for not accepting this patch.
Cheers, Karsten
> On 18/04/2023, at 3:24 PM, Karsten Sperling <ksperling at apple.com> wrote:
>
> Commit daa66ed6 fixed a number of use-after-free bugs in bash pattern substitution, however one "unguarded" STPUTC remained, which is fixed here.
>
> Signed-off-by: Karsten Sperling <ksperling at apple.com>
> ---
> shell/ash.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/shell/ash.c b/shell/ash.c
> index d2c5c5d50..51b627fcc 100644
> --- a/shell/ash.c
> +++ b/shell/ash.c
> @@ -7370,6 +7370,8 @@ subevalvar(char *start, char *str, int strloc,
> char *restart_detect = stackblock();
> if (quotes && *loc == '\\') {
> STPUTC(CTLESC, expdest);
> + if (stackblock() != restart_detect)
> + goto restart;
> len++;
> }
> STPUTC(*loc, expdest);
> -- 2.39.0
>
More information about the busybox
mailing list