From 1e4207d538f0a8840516b5d05c384b171d228411 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Thu, 6 Feb 2014 14:14:35 +0100
Subject: [PATCH] fix lexical parser crash (#960371)
---
 ksh-20120801-lexfix.patch | 56 +++++++++++++++++++++++++++++++++++++++
 ksh.spec | 9 ++++++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 ksh-20120801-lexfix.patch
diff --git a/ksh-20120801-lexfix.patch b/ksh-20120801-lexfix.patch
new file mode 100644
index 0000000..9150da8
--- /dev/null
+++ b/ksh-20120801-lexfix.patch
@@ -0,0 +1,56 @@
+diff -up ksh-20120801/src/cmd/ksh93/edit/edit.c.trajfiks ksh-20120801/src/cmd/ksh93/edit/edit.c
+--- ksh-20120801/src/cmd/ksh93/edit/edit.c.trajfiks 2012-08-02 00:18:19.000000000 +0200
++++ ksh-20120801/src/cmd/ksh93/edit/edit.c 2014-02-06 12:12:11.570942651 +0100
+@@ -53,6 +53,7 @@
+ 
+ static char CURSOR_UP[20] = { ESC, '[', 'A', 0 };
+ static char KILL_LINE[20] = { ESC, '[', 'J', 0 };
++static char *savelex;
+ 
+ 
+ 
+@@ -232,6 +233,8 @@ int tty_set(int fd, int action, struct t
+ void tty_cooked(register int fd)
+ {
+ register Edit_t *ep = (Edit_t*)(shgd->ed_context);
++ if(ep->sh->st.trap[SH_KEYTRAP] && savelex)
++ memcpy(ep->sh->lex_context,savelex,ep->sh->lexsize);
+ ep->e_keytrap = 0;
+ if(ep->e_raw==0)
+ return;
+@@ -783,6 +786,13 @@ void ed_setup(register Edit_t *ep, int f
+ ep->e_lbuf[n] = *pp++;
+ ep->e_default = 0;
+ }
++ if(ep->sh->st.trap[SH_KEYTRAP])
++ {
++ if(!savelex)
++ savelex = (char*)malloc(shp->lexsize);
++ if(savelex)
++ memcpy(savelex, ep->sh->lex_context, ep->sh->lexsize);
++ }
+ }
+ 
+ static void ed_putstring(register Edit_t *ep, const char *str)
+diff -up ksh-20120801/src/cmd/ksh93/include/defs.h.trajfiks ksh-20120801/src/cmd/ksh93/include/defs.h
+--- ksh-20120801/src/cmd/ksh93/include/defs.h.trajfiks 2014-02-06 12:18:13.149091836 +0100
++++ ksh-20120801/src/cmd/ksh93/include/defs.h 2014-02-06 12:18:13.175091784 +0100
+@@ -224,6 +224,7 @@ struct shared
+ int xargexit; \
+ int nenv; \
+ mode_t mask; \
++ int lexsize; \
+ Env_t *env; \
+ void *init_context; \
+ void *mac_context; \
+diff -up ksh-20120801/src/cmd/ksh93/sh/lex.c.trajfiks ksh-20120801/src/cmd/ksh93/sh/lex.c
+--- ksh-20120801/src/cmd/ksh93/sh/lex.c.trajfiks 2014-02-06 12:19:13.587950320 +0100
++++ ksh-20120801/src/cmd/ksh93/sh/lex.c 2014-02-06 12:19:13.623950219 +0100
+@@ -268,6 +268,7 @@ Lex_t *sh_lexopen(Lex_t *lp, Shell_t *sp
+ {
+ lp = (Lex_t*)newof(0,Lex_t,1,0);
+ lp->sh = sp;
++ sp->lexsize = sizeof(Lex_t);
+ }
+ fcnotify(lex_advance,lp);
+ lp->lex.intest = lp->lex.incase = lp->lex.skipword = lp->lexd.warn = 0;
diff --git a/ksh.spec b/ksh.spec
index d9c464a..c4a439a 100644
--- a/ksh.spec
+++ b/ksh.spec
@@ -6,7 +6,7 @@ URL: http://www.kornshell.com/
 Group: System Environment/Shells
 License: EPL
 Version: 20120801
-Release: 14%{?dist}
+Release: 15%{?dist}
 Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{releasedate}.tgz
 Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{releasedate}.tgz
 Source2: kshcomp.conf
@@ -31,6 +31,9 @@ Patch10: ksh-20120801-mtty.patch
 Patch11: ksh-20120801-argvfix.patch
 Patch12: ksh-20130628-longer.patch
+# for ksh <= 2013-04-09, rhbz#960371
+Patch13: ksh-20120801-lexfix.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Conflicts: pdksh
 Requires: coreutils, glibc-common, diffutils
@@ -61,6 +64,7 @@ with "sh" (the Bourne Shell).
 %patch10 -p1 -b .mtty
 %patch11 -p1 -b .argvfix
 %patch12 -p1 -b .longer
+%patch13 -p1 -b .lexfix
 
 #/dev/fd test does not work because of mock
 sed -i 's|ls /dev/fd|ls /proc/self/fd|' src/cmd/ksh93/features/options
@@ -155,6 +159,9 @@ fi
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Thu Feb 06 2014 Michal Hlavinka - 20120801-15
+- fix lexical parser crash (#960371)
+
 * Fri Jan 17 2014 Michal Hlavinka - 20120801-14
 - fix overflow in subshell loop
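Review bot: In the edit.c part of the new patch, tty_cooked copies `savelex` back into `ep->sh->lex_context` whenever the `SH_KEYTRAP` trap is set and the buffer is non-null, but `savelex` is a file-scope static that outlives one editing session, so a restore can reinstate a snapshot taken by an earlier ed_setup (for instance when the trap is installed after ed_setup ran, or after a session in which the save branch was skipped). A companion `static int lexsaved;` next to `savelex`, set to 1 right after the memcpy in ed_setup and consumed in tty_cooked as `if(savelex && lexsaved) { memcpy(ep->sh->lex_context,savelex,ep->sh->lexsize); lexsaved = 0; }`, ties every restore to the save made for the same session. The malloc in ed_setup sizes the buffer from `shp->lexsize` while both memcpy calls use `ep->sh->lexsize`; `shp` is not declared anywhere in the hunk, and if it is a local alias of `ep->sh` one spelling should be used throughout so the allocation and copy lengths visibly agree. Since the restore is a raw byte image of `Lex_t` and `lexsize` is only assigned on the allocating path of sh_lexopen, a short comment on `savelex` stating that the snapshot must not contain heap references that the trap action may reallocate (I cannot tell from the hunk whether it does) and that `lexsize` is expected to be non-zero by the time ed_setup runs would document the assumptions this fix relies on. Both tty_cooked and ed_setup continue outside their hunks.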