packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
busybox/backport-CVE-2021-42376.patch
xiechengliang d04cdd6b48 fix CVE-2021-42376 
Signed-off-by: xiechengliang <xiechengliang1@huawei.com>
2021-11-24 21:06:30 +08:00

135 lines
5.4 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 32eeace23c100a733e2b7fa980683b9939892b55 Mon Sep 17 00:00:00 2001
From: xiechengliang <xiechengliang1@huawei.com>
Date: Sat, 20 Nov 2021 10:07:35 +0800
Subject: [PATCH] hush: fix handling of \^C and "^C"
function old new delta
parse_stream 2238 2252 +14
encode_string 243 256 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes
backport from upstream:
https://git.busybox.net/busybox/commit/?id=1b7a9b68d0e9aa19147d7fda16eb9a6b54156985
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
shell/ash_test/ash-misc/control_char3.right | 1 +
shell/ash_test/ash-misc/control_char3.tests | 2 ++
shell/ash_test/ash-misc/control_char4.right | 1 +
shell/ash_test/ash-misc/control_char4.tests | 2 ++
shell/hush.c | 11 +++++++++++
shell/hush_test/hush-misc/control_char3.right | 1 +
shell/hush_test/hush-misc/control_char3.tests | 2 ++
shell/hush_test/hush-misc/control_char4.right | 1 +
shell/hush_test/hush-misc/control_char4.tests | 2 ++
9 files changed, 23 insertions(+)
create mode 100644 shell/ash_test/ash-misc/control_char3.right
create mode 100755 shell/ash_test/ash-misc/control_char3.tests
create mode 100644 shell/ash_test/ash-misc/control_char4.right
create mode 100755 shell/ash_test/ash-misc/control_char4.tests
create mode 100644 shell/hush_test/hush-misc/control_char3.right
create mode 100755 shell/hush_test/hush-misc/control_char3.tests
create mode 100644 shell/hush_test/hush-misc/control_char4.right
create mode 100755 shell/hush_test/hush-misc/control_char4.tests
diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
new file mode 100644
index 000000000..283e02cbb
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.right
@@ -0,0 +1 @@
+SHELL: line 1: : not found
diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
new file mode 100644
index 000000000..2bf18e684
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.right
@@ -0,0 +1 @@
+SHELL: line 1: -: not found
diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
diff --git a/shell/hush.c b/shell/hush.c
index 8d9ab244e..f1ceb80bb 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -5167,6 +5167,11 @@ static int encode_string(o_string *as_string,
}
#endif
o_addQchr(dest, ch);
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ /* Convert "^C" to corresponding special variable reference */
+ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
+ o_addchr(dest, SPECIAL_VAR_SYMBOL);
+ }
goto again;
#undef as_string
}
@@ -5278,6 +5283,11 @@ static struct pipe *parse_stream(char **pstring,
if (ch == '\n')
continue; /* drop \<newline>, get next char */
nommu_addchr(&ctx.as_string, '\\');
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ nommu_addchr(&ctx.as_string, ch);
+ /* Convert \^C to corresponding special variable reference */
+ goto case_SPECIAL_VAR_SYMBOL;
+ }
o_addchr(&ctx.word, '\\');
if (ch == EOF) {
/* Testcase: eval 'echo Ok\' */
@@ -5596,6 +5606,7 @@ static struct pipe *parse_stream(char **pstring,
/* Note: nommu_addchr(&ctx.as_string, ch) is already done */
switch (ch) {
+ case_SPECIAL_VAR_SYMBOL:
case SPECIAL_VAR_SYMBOL:
/* Convert raw ^C to corresponding special variable reference */
o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
new file mode 100644
index 000000000..94b4f8699
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.right
@@ -0,0 +1 @@
+hush: can't execute '': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
new file mode 100644
index 000000000..698e21427
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.right
@@ -0,0 +1 @@
+hush: can't execute '-': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink