mirror of
git://git.savannah.gnu.org/guix.git
synced 2023-12-14 03:33:07 +01:00
f55aa0c7b7
* gnu/packages/patches/zsh-CVE-2018-7548.patch, gnu/packages/patches/zsh-CVE-2018-7549.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/shells.scm (zsh)[source]: Use them.
48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
Fix CVE-2018-7548:
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
|
|
|
|
From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001
|
|
From: Joey Pabalinas <joeypabalinas@gmail.com>
|
|
Date: Tue, 23 Jan 2018 22:28:08 -0800
|
|
Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an
|
|
empty array result
|
|
|
|
---
|
|
ChangeLog | 5 +++++
|
|
Src/subst.c | 2 +-
|
|
2 files changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
#diff --git a/ChangeLog b/ChangeLog
|
|
#index d2ba94afc..3037edda4 100644
|
|
#--- a/ChangeLog
|
|
#+++ b/ChangeLog
|
|
#@@ -1,3 +1,8 @@
|
|
#+2018-01-23 Barton E. Schaefer <schaefer@zsh.org>
|
|
#+
|
|
#+ * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref
|
|
#+ when using ${(PA)...} on an empty array result
|
|
#+
|
|
# 2018-01-23 Oliver Kiddle <okiddle@yahoo.co.uk>
|
|
#
|
|
# * 42317: Completion/Linux/Command/_cryptsetup,
|
|
diff --git a/Src/subst.c b/Src/subst.c
|
|
index d027e3d83..a265a187e 100644
|
|
--- a/Src/subst.c
|
|
+++ b/Src/subst.c
|
|
@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags,
|
|
val = aval[0];
|
|
isarr = 0;
|
|
}
|
|
- s = dyncat(val, s);
|
|
+ s = val ? dyncat(val, s) : dupstring(s);
|
|
/* Now behave po-faced as if it was always like that... */
|
|
subexp = 0;
|
|
/*
|
|
--
|
|
2.16.2
|
|
|