Harald van Dijk <harald@xxxxxxxxxxx> wrote:
>
> I had trusted that this "n+1: funny ksh stuff" logic which allows an
> alias to start with = was because ksh allows this, but I tested this
> now, it does not and I can find no evidence that it ever did. Maybe it
> would be good to just remove this exception, or if dash wants to keep
> it, document it as an ash extension rather than claim it as a ksh thing?
Thanks. This patch should fix the overrun.
---8<---
Check for empty string before searching for equal sign starting at
n+1 in aliascmd.
Reported-by: Harald van Dijk <harald@xxxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
diff --git a/src/alias.c b/src/alias.c
index fcad43b..cee07e9 100644
--- a/src/alias.c
+++ b/src/alias.c
@@ -143,7 +143,8 @@ aliascmd(int argc, char **argv)
return (0);
}
while ((n = *++argv) != NULL) {
- if ((v = strchr(n+1, '=')) == NULL) { /* n+1: funny ksh stuff */
+ /* n + 1: funny ksh stuff (from 44lite) */
+ if (!*n || !(v = strchr(n + 1, '='))) {
if ((ap = *__lookupalias(n)) == NULL) {
outfmt(out2, "%s: %s not found\n", "alias", n);
ret = 1;
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[PATCH] alias: Fix out-of-bound access
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [PATCH] alias: Fix out-of-bound access
- From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 8 Apr 2024 12:55:03 +0800
- Cc: dash@xxxxxxxxxxxxxxx
- In-reply-to: <bc839b61-a7d5-6a36-ed47-db8363989379@gigawatt.nl>
- References:
- Re: Out-of-bounds access in alias command
- From: Harald van Dijk
- Re: Out-of-bounds access in alias command
- Prev by Date: Re: [PATCH v3] Allow trap to un-ignore SIGINT/SIGQUIT in async subshells
- Next by Date: Re: [v2 PATCH] jobs: Allow monitor mode without a tty in non-interactive mode
- Previous by thread: Re: Out-of-bounds access in alias command
- Next by thread: Monitor mode handling (bug ?)
- Index(es):
 |