diff options
Diffstat (limited to 'aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch')
| -rw-r--r-- | aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch new file mode 100644 index 0000000..3527fa5 --- /dev/null +++ b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch @@ -0,0 +1,88 @@ +From fa52ac9781f479de8ab4d8526276244c0a0471f4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> +Date: Mon, 28 Feb 2022 08:36:50 +0100 +Subject: [PATCH] ash: don't read past end of var in subvareval for bash + substitutions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without this patch, BusyBox handles bash pattern substitutions without +a terminating '/' character incorrectly. + +Consider the following shell script: + + _bootstrapver=5.0.211-r0 + _referencesdir="/usr/${_bootstrapver/-*}/Sources" + echo $_referencesdir + +This should output `/usr/5.0.211/Sources`. However, without this patch +it instead outputs `/usr/5.0.211Sources`. This is due to the fact that +BusyBox expects the bash pattern substitutions to always be terminated +with a '/' (at least in this part of subvareval) and thus reads passed +the substitution itself and consumes the '/' character which is part of +the literal string. If there is no '/' after the substitution then +BusyBox might perform an out-of-bounds read under certain circumstances. + +When replacing the bash pattern substitution with `${_bootstrapver/-*/}`, +or with this patch applied, ash outputs the correct value. + +Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/ash.c | 4 ++++ + shell/ash_test/ash-vars/var_bash_repl_unterminated.right | 1 + + shell/ash_test/ash-vars/var_bash_repl_unterminated.tests | 2 ++ + shell/hush_test/hush-vars/var_bash_repl_unterminated.right | 1 + + shell/hush_test/hush-vars/var_bash_repl_unterminated.tests | 2 ++ + 5 files changed, 10 insertions(+) + create mode 100644 shell/ash_test/ash-vars/var_bash_repl_unterminated.right + create mode 100755 shell/ash_test/ash-vars/var_bash_repl_unterminated.tests + create mode 100644 shell/hush_test/hush-vars/var_bash_repl_unterminated.right + create mode 100755 shell/hush_test/hush-vars/var_bash_repl_unterminated.tests + +diff --git a/shell/ash.c b/shell/ash.c +index adb0f223a..54335c5dd 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7081,6 +7081,10 @@ subevalvar(char *start, char *str, int strloc, + *repl = '\0'; + break; + } ++ if ((unsigned char)*repl == CTLENDVAR) { /* ${v/pattern} (no trailing /, no repl) */ ++ repl = NULL; ++ break; ++ } + /* Handle escaped slashes, e.g. "${v/\//_}" (they are CTLESC'ed by this point) */ + if ((unsigned char)*repl == CTLESC && repl[1]) + repl++; +diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.right b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right +new file mode 100644 +index 000000000..5bff3a6fa +--- /dev/null ++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right +@@ -0,0 +1 @@ ++b/d +diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests +new file mode 100755 +index 000000000..c9513343d +--- /dev/null ++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests +@@ -0,0 +1,2 @@ ++a=b-c ++echo ${a/-*}/d +diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.right b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right +new file mode 100644 +index 000000000..5bff3a6fa +--- /dev/null ++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right +@@ -0,0 +1 @@ ++b/d +diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests +new file mode 100755 +index 000000000..c9513343d +--- /dev/null ++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests +@@ -0,0 +1,2 @@ ++a=b-c ++echo ${a/-*}/d |