mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-15 04:32:24 +00:00
cde/src/cmd
hyenias 3255aed2c4
lex.c: Fix buffer overflow in debug sh_lex and sh_syntax (#262)
fmttoken() needs a minimal char[4] token buffer passed to it.

Originally reported by: Jakub Wilk <jwilk@jwilk.net>
Original bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879464

The following code lines from fmttoken() yield a n=3 for SYMSEMI as
n=1 from the start, e.g. 'for <>;'.

        case SYMSEMI:
                if(tok[0]=='<')
                        tok[n++] = '>';
                sym = ';';
                break;
        default:
                sym = 0;
        }
        tok[n++] = sym;
}
tok[n] = 0;

n[0]='<'
n[1]='>'
n[2]=';'
n[3]=0 # <-- BUFFER overflow as the passed character buffers have a size of 3

src/cmd/ksh93/sh/lex.c:
- DBUG: sh_lex(): Adjust char tokstr[3] to char tokstr[4]
- sh_syntax(): Adjust char tokbuf[3] to char tokbuf[4]
2021-04-09 02:47:21 +01:00
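The arithmetic in the commit message above, worked through as an added example (not code from the ksh93 source). `fmt_model` and its parameters are hypothetical names; it models only the excerpt quoted in the message, and it reports how many bytes the token needs instead of writing past the caller's buffer.

```c
#include <stdio.h>
#include <string.h>

/*
 * Bounds-checked model of the quoted tail of fmttoken(): tok[0] already holds
 * the first character and n starts at 1. The SYMSEMI case may append '>' and
 * then ';', the default case appends a 0 byte, and a NUL terminator follows.
 * Returns the bytes required (terminator included), or -1 if cap is too small.
 * The caller's buffer is only written when the whole token fits.
 */
static int fmt_model(int first, int is_symsemi, char *tok, size_t cap)
{
    char tmp[8];                /* scratch space, large enough for every path here */
    size_t n = 1;
    size_t need;
    int sym;

    tmp[0] = (char)first;
    if (is_symsemi) {
        if (tmp[0] == '<')
            tmp[n++] = '>';     /* "<>;" path: n becomes 2 */
        sym = ';';
    } else {
        sym = 0;                /* default case from the excerpt */
    }
    tmp[n++] = (char)sym;       /* n becomes 3 on the "<>;" path */
    tmp[n] = 0;                 /* terminator lands at index 3 */

    need = n + 1;               /* highest index written, plus one */
    if (need > cap)
        return -1;              /* the size-3 buffers fail here for "<>;" */
    memcpy(tok, tmp, need);
    return (int)need;
}

int main(void)
{
    char old_buf[3];            /* size before the fix */
    char new_buf[4];            /* size after the fix */

    printf("char[3], '<' + SYMSEMI: %d\n", fmt_model('<', 1, old_buf, sizeof old_buf));
    printf("char[4], '<' + SYMSEMI: %d\n", fmt_model('<', 1, new_buf, sizeof new_buf));
    printf("char[3], default case : %d\n", fmt_model('|', 0, old_buf, sizeof old_buf));
    return 0;
}
```

The default path needs only three bytes, which is why the undersized buffers went unnoticed until an input such as `for <>;` reached the SYMSEMI branch.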
..
builtin Fix more compiler warnings, typos and other minor issues (#260) 2021-04-08 19:58:07 +01:00
INIT Fix more compiler warnings, typos and other minor issues (#260) 2021-04-08 19:58:07 +01:00
ksh93 lex.c: Fix buffer overflow in debug sh_lex and sh_syntax (#262) 2021-04-09 02:47:21 +01:00
Mamfile **/Mamfile: add header comment pointing to MAM docs (re: 6cc2f6a0) 2021-01-25 14:38:58 +00:00