From patchwork Sat Mar 18 12:59:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julian Squires X-Patchwork-Id: 66559 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 025833850861 for ; Sat, 18 Mar 2023 13:00:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 025833850861 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1679144429; bh=I3hW++p0xRAmy1rRGm3jqt7+KSxSgeAzTY2tXi/uOQ8=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=DpKAaEPkrxhfhDUtfBcJmnOauEhHfMU91oWsqqxAlB1KnRK/JcP+HP6kH7jPoOlZj /t+RjhNlHvrZY2PRyZHEZ7dMwN5MgqlxEG+5OR2AJ45XPH+fWjLUQ5vcNZ7+2S4FGh py3fyW3qyKZ0xQ3R7DuQnFvpRGr6FiTxoZRfAbEU= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from m43-12.mailgun.net (m43-12.mailgun.net [69.72.43.12]) by sourceware.org (Postfix) with UTF8SMTPS id 98BF93858CDB for ; Sat, 18 Mar 2023 13:00:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 98BF93858CDB X-Mailgun-Sending-Ip: 69.72.43.12 X-Mailgun-Sid: WyIwMzc2OCIsImxpYmMtYWxwaGFAc291cmNld2FyZS5vcmciLCJkMWMxM2MiXQ== Received: from localhost.localdomain (mtprnf0117w-47-55-251-45.dhcp-dynamic.fibreop.nl.bellaliant.net [47.55.251.45]) by 7a2039c4603b with SMTP id 6415b5d7a30a5ed725a91501 (version=TLS1.3, cipher=TLS_AES_128_GCM_SHA256); Sat, 18 Mar 2023 13:00:07 GMT To: libc-alpha@sourceware.org Cc: Julian Squires Subject: [PATCH] posix: Fix some null deferences in wordexp [BZ #18096] Date: Sat, 18 Mar 2023 10:29:50 -0230 Message-Id: <20230318125950.3611824-1-julian@cipht.net> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, JMQ_SPF_NEUTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Julian Squires via Libc-alpha From: Julian Squires Reply-To: Julian Squires Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Without these fixes, the first three included tests segfault (on a NULL dereference); the third aborts on an assertion. Signed-off-by: Julian Squires --- I wasn't aware of the long-languishing issue in Bugzilla before starting this, which largely includes the same changes, but perhaps supplying this with test cases will help it be adopted. Despite the security exception for wordexp, it still seems reasonable not to crash in these cases. posix/wordexp-test.c | 4 ++++ posix/wordexp.c | 12 ++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c index f7a591149b..bae27d6cee 100644 --- a/posix/wordexp-test.c +++ b/posix/wordexp-test.c @@ -117,6 +117,8 @@ struct test_case_struct { 0, NULL, "$((010+0x10))", 0, 1, { "24" }, IFS }, { 0, NULL, "$((-010+0x10))", 0, 1, { "8" }, IFS }, { 0, NULL, "$((-0x10+010))", 0, 1, { "-8" }, IFS }, + { 0, NULL, "$(())", 0, 1, { "0", }, IFS }, + { 0, NULL, "$[]", 0, 1, { "0", }, IFS }, /* Advanced parameter expansion */ { 0, NULL, "${var:-bar}", 0, 1, { "bar", }, IFS }, @@ -138,6 +140,8 @@ struct test_case_struct { 0, "12345", "${#var}", 0, 1, { "5", }, IFS }, { 0, NULL, "${var:-'}'}", 0, 1, { "}", }, IFS }, { 0, NULL, "${var-}", 0, 0, { NULL }, IFS }, + { 0, NULL, "${a?}", 0, 0, { NULL, }, IFS }, + { 0, NULL, "${#a=}", 0, 1, { "0", }, IFS }, { 0, "pizza", "${var#${var}}", 0, 0, { NULL }, IFS }, { 0, "pepperoni", "${var%$(echo oni)}", 0, 1, { "pepper" }, IFS }, diff --git a/posix/wordexp.c b/posix/wordexp.c index 0da98f5b08..287bb05feb 100644 --- a/posix/wordexp.c +++ b/posix/wordexp.c @@ -720,7 +720,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length, ++(*offset); /* Go - evaluate. */ - if (*expr && eval_expr (expr, &numresult) != 0) + if (expr && eval_expr (expr, &numresult) != 0) { free (expr); return WRDE_SYNTAX; @@ -758,7 +758,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length, long int numresult = 0; /* Go - evaluate. */ - if (*expr && eval_expr (expr, &numresult) != 0) + if (expr && eval_expr (expr, &numresult) != 0) { free (expr); return WRDE_SYNTAX; @@ -1790,7 +1790,7 @@ envsubst: { const char *str = pattern; - if (str[0] == '\0') + if (!str || str[0] == '\0') str = _("parameter null or not set"); __fxprintf (NULL, "%s: %s\n", env, str); @@ -1813,7 +1813,7 @@ envsubst: goto success; value = pattern ? __strdup (pattern) : pattern; - free_value = 1; + free_value = !!pattern; if (pattern && !value) goto no_space; @@ -1827,7 +1827,7 @@ envsubst: free (value); value = pattern ? __strdup (pattern) : pattern; - free_value = 1; + free_value = !!pattern; if (pattern && !value) goto no_space; @@ -1857,7 +1857,7 @@ envsubst: free (value); value = pattern ? __strdup (pattern) : pattern; - free_value = 1; + free_value = !!pattern; if (pattern && !value) goto no_space;