From f9dc7ff03a5b63d20ce473c1172e29b736dbea28 Mon Sep 17 00:00:00 2001 From: "David Kaspar [Dee'Kej]" Date: Wed, 21 Sep 2016 16:51:08 +0200 Subject: [PATCH] CVE-2016-0634: upstream patch imported --- parse.y | 20 ++++++++++++++++---- y.tab.c | 20 ++++++++++++++++---- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/parse.y b/parse.y index 0a7fcaa..5676ad7 100644 --- a/parse.y +++ b/parse.y @@ -5252,7 +5252,7 @@ decode_prompt_string (string) #if defined (PROMPT_STRING_DECODE) int result_size, result_index; int c, n, i; - char *temp, octal_string[4]; + char *temp, *t_host, octal_string[4]; struct tm *tm; time_t the_time; char timebuf[128]; @@ -5400,7 +5400,11 @@ decode_prompt_string (string) case 's': temp = base_pathname (shell_name); - temp = savestring (temp); + /* Try to quote anything the user can set in the file system */ + if (promptvars || posixly_correct) + temp = sh_backslash_quote_for_double_quotes (temp); + else + temp = savestring (temp); goto add_string; case 'v': @@ -5490,9 +5494,17 @@ decode_prompt_string (string) case 'h': case 'H': - temp = savestring (current_host_name); - if (c == 'h' && (t = (char *)strchr (temp, '.'))) + t_host = savestring (current_host_name); + if (c == 'h' && (t = (char *)strchr (t_host, '.'))) *t = '\0'; + if (promptvars || posixly_correct) + /* Make sure that expand_prompt_string is called with a + second argument of Q_DOUBLE_QUOTES if we use this + function here. */ + temp = sh_backslash_quote_for_double_quotes (t_host); + else + temp = savestring (t_host); + free (t_host); goto add_string; case '#': diff --git a/y.tab.c b/y.tab.c index 793daf6..726d0de 100644 --- a/y.tab.c +++ b/y.tab.c @@ -7540,7 +7540,7 @@ decode_prompt_string (string) #if defined (PROMPT_STRING_DECODE) int result_size, result_index; int c, n, i; - char *temp, octal_string[4]; + char *temp, *t_host, octal_string[4]; struct tm *tm; time_t the_time; char timebuf[128]; @@ -7688,7 +7688,11 @@ decode_prompt_string (string) case 's': temp = base_pathname (shell_name); - temp = savestring (temp); + /* Try to quote anything the user can set in the file system */ + if (promptvars || posixly_correct) + temp = sh_backslash_quote_for_double_quotes (temp); + else + temp = savestring (temp); goto add_string; case 'v': @@ -7778,9 +7782,17 @@ decode_prompt_string (string) case 'h': case 'H': - temp = savestring (current_host_name); - if (c == 'h' && (t = (char *)strchr (temp, '.'))) + t_host = savestring (current_host_name); + if (c == 'h' && (t = (char *)strchr (t_host, '.'))) *t = '\0'; + if (promptvars || posixly_correct) + /* Make sure that expand_prompt_string is called with a + second argument of Q_DOUBLE_QUOTES if we use this + function here. */ + temp = sh_backslash_quote_for_double_quotes (t_host); + else + temp = savestring (t_host); + free (t_host); goto add_string; case '#': -- 2.7.4