From f829dff14259b113ae9d47ed7993ce8cf4576569 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?=
Date: Wed, 8 Nov 2023 17:00:51 +0100
Subject: [PATCH] fix segfault in subshell if $PATH contains a .paths directory

Resolves: RHEL-12011
---
 ksh-20120801-segfault-cd-paths.patch | 55 ++++++++++++++++++++++++++++
 ksh.spec | 10 ++++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 ksh-20120801-segfault-cd-paths.patch

diff --git a/ksh-20120801-segfault-cd-paths.patch b/ksh-20120801-segfault-cd-paths.patch
new file mode 100644
index 0000000..de98c75
--- /dev/null
+++ b/ksh-20120801-segfault-cd-paths.patch
@@ -0,0 +1,55 @@
+From 035a4cb3f453271b7ae63bcb53a7963b8dbe4c41 Mon Sep 17 00:00:00 2001
+From: Anuradha Weeraman
+Date: Thu, 2 Jul 2020 18:29:07 -0400
+Subject: [PATCH] Fix segfault if $PATH contains a .paths directory (#55)
+
+ksh crashed if it encountered a .paths directory in any of the
+directories in $PATH.
+
+Ref: https://bugs.launchpad.net/ubuntu/+source/ksh/+bug/1534855
+
+src/cmd/ksh93/sh/path.c: path_chkpaths():
+- Refuse to read .paths if it's not a regular file
+ or a symlink to a regular file.
+
+Upstream-commit: 035a4cb3f453271b7ae63bcb53a7963b8dbe4c41
+Cherry-picked-by: Lukáš Zaoral
+---
+ src/cmd/ksh93/sh/path.c | 4 ++++
+ src/cmd/ksh93/tests/path.sh | 9 +++++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/src/cmd/ksh93/sh/path.c b/src/cmd/ksh93/sh/path.c
+index 213a2a6c7375..25ade4073dad 100644
+--- a/src/cmd/ksh93/sh/path.c
++++ b/src/cmd/ksh93/sh/path.c
+@@ -1507,6 +1507,10 @@ static int path_chkpaths(Shell_t *shp,Pathcomp_t *first, Pathcomp_t* old,Pathcom
+ if((fd=open(stakptr(offset),O_RDONLY))>=0)
+ {
+ fstat(fd,&statb);
++ if (!S_ISREG(statb.st_mode)) {
++ close(fd);
++ return 0;
++ }
+ n = statb.st_size;
+ stakseek(offset+pp->len+n+2);
+ sp = stakptr(offset+pp->len);
+diff --git a/src/cmd/ksh93/tests/path.sh b/src/cmd/ksh93/tests/path.sh
+index c9d8d2485e28..9725c74e31ea 100755
+--- a/src/cmd/ksh93/tests/path.sh
++++ b/src/cmd/ksh93/tests/path.sh
+@@ -408,5 +408,14 @@ END
+ END
+ ) || err_exit '${.sh.xxx} variables causes cat not be found'
+
++# ksh segfaults if $PATH contains a .paths directory
++mkdir -p $tmp/paths-dir-crash/
++cat > $tmp/paths-dir-crash/run.sh <<- EOF
++mkdir -p $tmp/paths-dir-crash/.paths
++export PATH=$tmp/paths-dir-crash:$PATH
++print ok
++EOF
++[[ $($SHELL $tmp/paths-dir-crash/run.sh 2>/dev/null) == ok ]] || err_exit "ksh crashes if PATH contains a .paths directory"
++
+ exit $((Errors<125?Errors:125))
+
diff --git a/ksh.spec b/ksh.spec
index 99e3b62..6c27b82 100644
--- a/ksh.spec
+++ b/ksh.spec
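Review bot: In the path_chkpaths() hunk of the embedded patch, the new `S_ISREG(statb.st_mode)` test reads `statb` even when the preceding `fstat(fd,&statb)` failed, because that call's return value is still ignored; the guard should cover both cases, `if (fstat(fd,&statb) < 0 || !S_ISREG(statb.st_mode)) {`. The type check also runs only after `open(stakptr(offset),O_RDONLY)` has returned, so a `.paths` entry that is a FIFO would presumably still block the shell inside open(); adding `O_NONBLOCK` to that open() and keeping the fstat() check would close that gap. path_chkpaths() starts and ends outside the hunk, so whether the early `return 0` leaves the stak offset in the state the rest of the function expects cannot be confirmed from here.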
@@ -6,7 +6,7 @@ Summary: The Original ATT Korn Shell
 URL: http://www.kornshell.com/
 License: EPL-1.0
 Version: %{releasedate}
-Release: 261%{?dist}
+Release: 262%{?dist}
 Source0: http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{release_date}.tgz
 Source1: http://www.research.att.com/~gsf/download/tgz/INIT.%{release_date}.tgz
 Source2: kshcomp.conf
@@ -244,6 +244,10 @@ Patch95: ksh-20120801-set+r-fix.patch
 # upstream commit: https://github.com/ksh93/ksh/commit/9a9da2c299a0adcd36b4efd1b1c0ee2883beba7b.patch
 Patch96: ksh-20120801-segfault-strdup.patch
+# RHEL-12011
+# upstream commit: https://github.com/ksh93/ksh/commit/035a4cb3f453271b7ae63bcb53a7963b8dbe4c41
+Patch97: ksh-20120801-segfault-cd-paths.patch
+
 Conflicts: pdksh
 Requires: coreutils, diffutils, chkconfig
 BuildRequires: bison
@@ -397,6 +401,10 @@ fi
 %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf
 %changelog
+* Wed Nov 08 2023 Lukáš Zaoral - 20120801-262
+- fix segfault in subshell if $PATH contains a .paths directory
+ Resolves: RHEL-12011
+
 * Tue Oct 31 2023 Lukáš Zaoral - 20120801-261
 - Fix segfault in strdup
 Resolves: RHEL-11982