fix use of strdup on a NULL pointer

Resolves: RHEL-11982
2024-02-09 10:10:33 +01:00 · 2024-02-09 10:10:33 +01:00 · 55ccbd1c4a
commit 55ccbd1c4a
parent d229cb622e
2 changed files with 69 additions and 1 deletions
--- a/ksh-1.0.8-fix-strdup-on-null.patch
+++ b/ksh-1.0.8-fix-strdup-on-null.patch
@ -0,0 +1,62 @@
+From 9eb8532ccacf1cfdb7ba18f51eba68776852ef7c Mon Sep 17 00:00:00 2001
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Thu, 8 Feb 2024 22:10:58 +0100
+Subject: [PATCH] Re-fix use of strdup on a NULL pointer (re: 9a9da2c2) (#718)
+
+Thank you @lzaoral for debugging this issue and creating this
+reproducer:
+
+$ tty   # check that the shell is connected to a pseudoterminal
+/dev/pts/4
+$ mkdir /var/tmp/chroottest
+$ dnf --releasever=39 --installroot=/var/tmp/chroottest install ksh
+$ echo "/dev/udp/127.0.0.1/514;0;104" |
+        sudo tee /var/tmp/chroottest/etc/ksh_audit
+$ sudo chroot /var/tmp/chroottest /bin/ksh -lic 'exit 0'
+(ksh segfaults)
+
+Analysis: On Linux, ttyname(3)[*] may fail if:
+
+* EBADF  Bad file descriptor.
+* ENODEV fd refers to a slave pseudoterminal device but the
+         corresponding pathname could not be found [...].
+* ENOTTY fd does not refer to a terminal device.
+
+Calling isatty(3) before ttyname(3) only prevents the first and
+third cases.
+
+src/cmd/ksh93/edit/history.c: sh_histinit():
+- To catch the second case, let's call ttyname(2) directly, check
+  for NULL and remove the redundant isatty() call.
+
+[*] https://man7.org/linux/man-pages/man3/ttyname.3.html
+
+Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
+Upstream-commit: 9eb8532ccacf1cfdb7ba18f51eba68776852ef7c
+
+---
+ src/cmd/ksh93/edit/history.c    | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/cmd/ksh93/edit/history.c b/src/cmd/ksh93/edit/history.c
+index a7b084e5c16f..25832a59265b 100644
+--- a/src/cmd/ksh93/edit/history.c
+++ b/src/cmd/ksh93/edit/history.c
+@@ -15,6 +15,7 @@
+ *            Johnothan King <johnothanking@protonmail.com>             *
+ *         hyenias <58673227+hyenias@users.noreply.github.com>          *
+ *                Govind Kamat <govind_kamat@yahoo.com>                 *
+*               Vincent Mihalkovic <vmihalko@redhat.com>               *
+ *                                                                      *
+ ***********************************************************************/
+ /*
+@@ -353,7 +354,8 @@ int  sh_histinit(void)
+ 			if(fd>=0)
+ 			{
+ 				fcntl(fd,F_SETFD,FD_CLOEXEC);
+-				hp->tty = sh_strdup(isatty(2)?ttyname(2):"notty");
+				const char* tty = ttyname(2);
+				hp->tty = sh_strdup(tty?tty:"notty");
+ 				hp->auditfp = sfnew(NULL,NULL,-1,fd,SF_WRITE);
+ 			}
+ 		}
--- a/ksh.spec
+++ b/ksh.spec
@ -4,12 +4,15 @@ URL:          http://www.kornshell.com/
 License:      EPL-2.0
 Epoch:        3
 Version:      1.0.8
-Release:      3%{?dist}
+Release:      4%{?dist}
 Source0:      https://github.com/ksh93/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:      kshcomp.conf
 Source2:      kshrc.rhs
 Source3:      dotkshrc

+# Re-fix use of strdup on a NULL pointer (RHEL-11982)
+Patch1:       ksh-1.0.8-fix-strdup-on-null.patch
+
 Conflicts:    pdksh
 Requires: coreutils, diffutils
 BuildRequires: gcc
@ -138,6 +141,9 @@ fi
 %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf

 %changelog
+* Fri Feb 09 2024 Lukáš Zaoral <lzaoral@redhat.com> - 3:1.0.8-4
+- fix use of strdup on a NULL pointer (RHEL-11982)
+
 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3:1.0.8-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild