external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-15 04:32:24 +00:00
Code Issues Releases Wiki Activity

Fix possible out-of-bounds write in xec.c:iousepipe (rhbz#1506344)

Browse source 
Discussion/analysis: https://bugzilla.redhat.com/1506344

iousepipe() might write out of bounds, causing a crash, if
subpipe[2] is set to a value >= sh.gd.lim.open_max.

src/cmd/ksh93/sh/xec.c: iousepipe():
- Validate the FD using sh_iovalidfd() before the write.
This commit is contained in:
Martijn Dekker 2020-09-29 05:21:50 +02:00
parent 90941717da
commit 1477b5fff7
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/cmd/ksh93/sh/xec.c
View file

@ -170,6 +170,7 @@ static int iousepipe(Shell_t *shp)
return(1);
}
subpipe[2] = sh_fcntl(fd,F_dupfd_cloexec,10);
sh_iovalidfd(shp,subpipe[2]);
shp->fdstatus[subpipe[2]] = shp->fdstatus[1];
while(close(fd)<0 && errno==EINTR)
errno = err;