[BZ,#18096] Handle null dereferences in wordexp

Message ID 20150712074917.GA6245@domone
State New, archived

Commit Message

Ondrej Bilka July 12, 2015, 7:49 a.m. UTC
  Hi,

Kostya and Carlos wrote this patch on bugzilla, but I haven't seen it on
libc-alpha.

These look good to me. Carlos, could you commit it?
  

Comments

Mike Frysinger July 28, 2015, 3:22 a.m. UTC | #1
On 12 Jul 2015 09:49, Ondřej Bílka wrote:
> -	  else
> +	  else if (flags & WRDE_SHOWERR)

i don't think this falls under the banner of preventing NULL derefs
-mike
  
Ondrej Bilka July 28, 2015, 6:31 a.m. UTC | #2
On Mon, Jul 27, 2015 at 11:22:28PM -0400, Mike Frysinger wrote:
> On 12 Jul 2015 09:49, Ondřej Bílka wrote:
> > -	  else
> > +	  else if (flags & WRDE_SHOWERR)
> 
> i don't think this falls under the banner of preventing NULL derefs

I just took the original patch from bugzilla. It was there with the rationale
that printing what's in the branch is also a bug.
  
Ondrej Bilka Aug. 12, 2015, 12:22 p.m. UTC | #3
ping
On Sun, Jul 12, 2015 at 09:49:17AM +0200, Ondřej Bílka wrote:
> Hi,
> 
> Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
> libc-alpha.
> 
> These look good for me. Carlos, could you commit it?
> 
> 
> diff --git a/posix/wordexp.c b/posix/wordexp.c
> index e711d43..d3f3764 100644
> --- a/posix/wordexp.c
> +++ b/posix/wordexp.c
> @@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
>  	      ++(*offset);
>  
>  	      /* Go - evaluate. */
> -	      if (*expr && eval_expr (expr, &numresult) != 0)
> +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
>  		{
>  		  free (expr);
>  		  return WRDE_SYNTAX;
> @@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
>  	      long int numresult = 0;
>  
>  	      /* Go - evaluate. */
> -	      if (*expr && eval_expr (expr, &numresult) != 0)
> +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
>  		{
>  		  free (expr);
>  		  return WRDE_SYNTAX;
> @@ -1843,11 +1843,11 @@ envsubst:
>  	  if (!colon_seen && value)
>  	    /* Substitute NULL */
>  	    ;
> -	  else
> +	  else if (flags & WRDE_SHOWERR)
>  	    {
>  	      const char *str = pattern;
>  
> -	      if (str[0] == '\0')
> +	      if (str && str[0] == '\0')
>  		str = _("parameter null or not set");
>  
>  	      __fxprintf (NULL, "%s: %s\n", env, str);
  
Ondrej Bilka Aug. 19, 2015, 9:23 a.m. UTC | #4
ping
On Wed, Aug 12, 2015 at 02:22:16PM +0200, Ondřej Bílka wrote:
> ping
> On Sun, Jul 12, 2015 at 09:49:17AM +0200, Ondřej Bílka wrote:
> > Hi,
> > 
> > Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
> > libc-alpha.
> > 
> > These look good for me. Carlos, could you commit it?
> > 
> > 
> > diff --git a/posix/wordexp.c b/posix/wordexp.c
> > index e711d43..d3f3764 100644
> > --- a/posix/wordexp.c
> > +++ b/posix/wordexp.c
> > @@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
> >  	      ++(*offset);
> >  
> >  	      /* Go - evaluate. */
> > -	      if (*expr && eval_expr (expr, &numresult) != 0)
> > +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
> >  		{
> >  		  free (expr);
> >  		  return WRDE_SYNTAX;
> > @@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
> >  	      long int numresult = 0;
> >  
> >  	      /* Go - evaluate. */
> > -	      if (*expr && eval_expr (expr, &numresult) != 0)
> > +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
> >  		{
> >  		  free (expr);
> >  		  return WRDE_SYNTAX;
> > @@ -1843,11 +1843,11 @@ envsubst:
> >  	  if (!colon_seen && value)
> >  	    /* Substitute NULL */
> >  	    ;
> > -	  else
> > +	  else if (flags & WRDE_SHOWERR)
> >  	    {
> >  	      const char *str = pattern;
> >  
> > -	      if (str[0] == '\0')
> > +	      if (str && str[0] == '\0')
> >  		str = _("parameter null or not set");
> >  
> >  	      __fxprintf (NULL, "%s: %s\n", env, str);
  

Patch

diff --git a/posix/wordexp.c b/posix/wordexp.c
index e711d43..d3f3764 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -740,7 +740,7 @@  parse_arith (char **word, size_t *word_length, size_t *max_length,
 	      ++(*offset);
 
 	      /* Go - evaluate. */
-	      if (*expr && eval_expr (expr, &numresult) != 0)
+	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
 		{
 		  free (expr);
 		  return WRDE_SYNTAX;
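Review bot: Neither parse_arith hunk (this one at 740 and the one at 778) says when `expr` can still be NULL here, so the new `expr &&` test carries no explanation for the next maintainer. A one-line comment above the condition would help, for example `/* expr is still NULL when the expression was empty; the result is then 0.  */`. That wording is a guess, since the allocation of `expr` is outside both hunks, so confirm the cause before adding it. The second hunk shows `long int numresult = 0;` but this one does not, and with eval_expr skipped the value is used as-is, so it is worth checking that this branch initialises it too. parse_arith's body starts and ends outside both hunks.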
@@ -778,7 +778,7 @@  parse_arith (char **word, size_t *word_length, size_t *max_length,
 	      long int numresult = 0;
 
 	      /* Go - evaluate. */
-	      if (*expr && eval_expr (expr, &numresult) != 0)
+	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
 		{
 		  free (expr);
 		  return WRDE_SYNTAX;
@@ -1843,11 +1843,11 @@  envsubst:
 	  if (!colon_seen && value)
 	    /* Substitute NULL */
 	    ;
-	  else
+	  else if (flags & WRDE_SHOWERR)
 	    {
 	      const char *str = pattern;
 
-	      if (str[0] == '\0')
+	      if (str && str[0] == '\0')
 		str = _("parameter null or not set");
 
 	      __fxprintf (NULL, "%s: %s\n", env, str);
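Review bot: With `str && str[0] == '\0'`, a NULL `pattern` skips the default message and is then handed to the `%s` in `__fxprintf (NULL, "%s: %s\n", env, str)`, so the NULL case is only moved one line down. Passing NULL for `%s` is undefined in ISO C, even though glibc's printf prints `(null)`. The intent is presumably to fall back to the default text, which would be `if (str == NULL || str[0] == '\0')`. The enclosing case under `envsubst:` continues outside the hunk, so the code that runs after this block when WRDE_SHOWERR is unset cannot be checked from here.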