Fix segfault in strdup
Resolves: RHEL-11982
parent
bf69d0e2dd
commit
505cee0471
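--- a/ksh-20120801-segfault-strdup.patch
+++ b/ksh-20120801-segfault-strdup.patch
@@ -0,0 +1,45 @@
+From 9a9da2c299a0adcd36b4efd1b1c0ee2883beba7b Mon Sep 17 00:00:00 2001
+From: Johnothan King <johnothanking@protonmail.com>
+Date: Mon, 6 Jul 2020 13:51:44 -0700
+Subject: [PATCH] Fix use of strdup on a NULL pointer (#63)
+
+The following set of commands can rarely cause a memory fault
+when auditing[*] is enabled, although most of the time it will
+simply cause ksh to write '(null)' to the auditing file in place
+of a tty name:
+
+$ [ -e /etc/ksh_audit ] || echo "/tmp/ksh_auditfile;$(id -u)" | sudo tee /etc/ksh_audit;
+$ v=$(ksh 2> /dev/null +o rc -ic $'getopts a:bc: opt --man\nprint $?')
+$ cat /tmp/ksh_auditfile
+1000;1593599493;(null); getopts a:bc: opt --man
+
+This happens because strdup is used unconditionally on the pointer
+returned by 'ttyname', which can be NULL if stderr is closed. This
+then causes 'hp->tty' to be set to null, as strdup returns NULL.
+See https://github.com/att/ast/issues/1028
+
+src/cmd/ksh93/edit/history.c:
+- Make strdup duplicate 'notty' instead of NULL to prevent
+crashes.
+
+[*] https://blog.fpmurphy.com/2008/12/ksh93-auditing-and-accounting.html
+
+Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
+Upstream-commit: 9a9da2c299a0adcd36b4efd1b1c0ee2883beba7b
+---
+src/cmd/ksh93/edit/history.c | 2 +-
+1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/cmd/ksh93/edit/history.c b/src/cmd/ksh93/edit/history.c
+index d6737e209ca0..f40f27b4a4d7 100644
+--- a/src/cmd/ksh93/edit/history.c
++++ b/src/cmd/ksh93/edit/history.c
+@@ -395,7 +395,7 @@ int sh_histinit(void *sh_context)
+if(fd>=0)
+{
+fcntl(fd,F_SETFD,FD_CLOEXEC);
+- hp->tty = strdup(ttyname(2));
++ hp->tty = strdup(isatty(2)?ttyname(2):"notty");
+hp->auditfp = sfnew((Sfio_t*)0,NULL,-1,fd,SF_WRITE);
+}
+}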
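Review bot: `ttyname(2)` can still return NULL when `isatty(2)` is true, for example when the terminal's device node cannot be resolved under the process's /dev, so the new line in sh_histinit may still pass NULL to strdup. Testing the returned pointer itself closes that gap: `char *tty = ttyname(2); hp->tty = strdup(tty ? tty : "notty");`. The strdup result is also left unchecked, so on allocation failure hp->tty stays NULL and, going by the commit message, the audit record would again carry '(null)' in the tty field; for an audit trail a fixed fallback string or skipping audit setup would be more reliable. sh_histinit begins and ends outside the hunk, so how hp->tty is consumed later is not visible here.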
10
ksh.spec
10
ksh.spec
@ -6,7 +6,7 @@ Summary: The Original ATT Korn Shell
|
||||
URL: http://www.kornshell.com/
|
||||
License: EPL-1.0
|
||||
Version: %{releasedate}
|
||||
Release: 260%{?dist}
|
||||
Release: 261%{?dist}
|
||||
Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{release_date}.tgz
|
||||
Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{release_date}.tgz
|
||||
Source2: kshcomp.conf
|
||||
@ -240,6 +240,10 @@ Patch94: ksh-20120801-segfault-long-command.patch
|
||||
# upstream commit: https://github.com/ksh93/ksh/commit/74b4162178c8a2347491b9fd3a22d8e6e1b7e831
|
||||
Patch95: ksh-20120801-set+r-fix.patch
|
||||
|
||||
# RHEL-11982
|
||||
# upstream commit: https://github.com/ksh93/ksh/commit/9a9da2c299a0adcd36b4efd1b1c0ee2883beba7b.patch
|
||||
Patch96: ksh-20120801-segfault-strdup.patch
|
||||
|
||||
Conflicts: pdksh
|
||||
Requires: coreutils, diffutils, chkconfig
|
||||
BuildRequires: bison
|
||||
@ -393,6 +397,10 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf
|
||||
|
||||
%changelog
|
||||
* Tue Oct 31 2023 Lukáš Zaoral <lzaoral@redhat.com> - 20120801-261
|
||||
- Fix segfault in strdup
|
||||
Resolves: RHEL-11982
|
||||
|
||||
* Mon Sep 18 2023 Lukáš Zaoral <lzaoral@redhat.com> - 20120801-260
|
||||
- Fix set +r so that it cannot unset the restricted option
|
||||
Resolves: #1948588
|
||||
|