Switch to stderror() when parsing history so that we stop processing immediately

Loading corrupted history should no more resulted in resource consumption
2020-10-14 12:24:47 +02:00 · 2020-10-14 12:24:47 +02:00 · 52814d3666
commit 52814d3666
parent da4bd09492
3 changed files with 106 additions and 1 deletions
--- a/tcsh-6.22.02-avoid-crashing-when-loading-corrupted-history.patch
+++ b/tcsh-6.22.02-avoid-crashing-when-loading-corrupted-history.patch
@ -0,0 +1,47 @@
+From 7d25c5d5ad5e9c0cd17a21f73aeb2374a29ecd83 Mon Sep 17 00:00:00 2001
+From: zoulasc <christos@zoulas.com>
+Date: Fri, 31 Jul 2020 14:30:40 -0400
+Subject: [PATCH] Switch to stderror() when parsing history so that we stop
+ processing immediately (Jan Macku)
+
+---
+ sh.lex.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/sh.lex.c b/sh.lex.c
+index ecab059..d83ffa0 100644
+--- a/sh.lex.c
+++ b/sh.lex.c
+@@ -183,8 +183,7 @@ lex(struct wordent *hp)
+ 	wdp->word = word(parsehtime);
+ 	parsehtime = 0;
+ 	if (enterhist && toolong++ > 10 * 1024) {
+-	    seterror(ERR_LTOOLONG);
+-	    break;
+	    stderror(ERR_LTOOLONG);
+ 	}
+     } while (wdp->word[0] != '\n');
+     cleanup_ignore(hp);
+@@ -303,8 +302,7 @@ word(int parsehtime)
+     cleanup_push(&wbuf, Strbuf_cleanup);
+ loop:
+     if (enterhist && toolong++ > 256 * 1024) {
+-	seterror(ERR_WTOOLONG);
+-	goto ret;
+	stderror(ERR_WTOOLONG);
+     }
+     while ((c = getC(DOALL)) == ' ' || c == '\t')
+ 	continue;
+@@ -365,8 +363,7 @@ loop:
+     dolflg = DOALL;
+     for (;;) {
+ 	if (enterhist && toolong++ > 256 * 1024) {
+-	    seterror(ERR_WTOOLONG);
+-	    goto ret;
+	    stderror(ERR_WTOOLONG);
+ 	}
+ 	if (c1) {
+ 	    if (c == c1) {
+-- 
+2.25.4
+
--- a/tcsh-6.22.02-call-seterror-consistently-and-abort-quickly.patch
+++ b/tcsh-6.22.02-call-seterror-consistently-and-abort-quickly.patch
@ -0,0 +1,53 @@
+From 064853aa25f498aa7bc4554393a53240696813fa Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Fri, 24 Jul 2020 13:49:21 -0400
+Subject: [PATCH] Call seterror consistently and abort quickly (Jan Macku)
+
+---
+ sh.lex.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/sh.lex.c b/sh.lex.c
+index d7d0ac5..ecab059 100644
+--- a/sh.lex.c
+++ b/sh.lex.c
+@@ -182,8 +182,10 @@ lex(struct wordent *hp)
+ 	wdp = new;
+ 	wdp->word = word(parsehtime);
+ 	parsehtime = 0;
+-	if (enterhist && toolong++ > 10 * 1024)
+-	    stderror(ERR_LTOOLONG);
+	if (enterhist && toolong++ > 10 * 1024) {
+	    seterror(ERR_LTOOLONG);
+	    break;
+	}
+     } while (wdp->word[0] != '\n');
+     cleanup_ignore(hp);
+     cleanup_until(hp);
+@@ -300,8 +302,10 @@ word(int parsehtime)
+ 
+     cleanup_push(&wbuf, Strbuf_cleanup);
+ loop:
+-    if (enterhist && toolong++ > 256 * 1024)
+    if (enterhist && toolong++ > 256 * 1024) {
+ 	seterror(ERR_WTOOLONG);
+	goto ret;
+    }
+     while ((c = getC(DOALL)) == ' ' || c == '\t')
+ 	continue;
+     if (cmap(c, _META | _ESC))
+@@ -360,8 +364,10 @@ loop:
+     c1 = 0;
+     dolflg = DOALL;
+     for (;;) {
+-	if (enterhist && toolong++ > 256 * 1024)
+	if (enterhist && toolong++ > 256 * 1024) {
+ 	    seterror(ERR_WTOOLONG);
+	    goto ret;
+	}
+ 	if (c1) {
+ 	    if (c == c1) {
+ 		c1 = 0;
+-- 
+2.25.4
+
--- a/tcsh.spec
+++ b/tcsh.spec
@ -13,7 +13,7 @@
 Name:             tcsh
 Summary:          An enhanced version of csh, the C shell
 Version:          6.22.02
-Release:          4%{?dist}
+Release:          5%{?dist}
 License:          BSD

 URL:              http://www.tcsh.org/
@ -43,6 +43,8 @@ BuildRequires:    ncurses-devel
 # Upstream patches -- official upstream patches released by upstream since the
 # ----------------    last rebase that are necessary for any reason:
 Patch001: tcsh-6.22.02-avoid-gcc-to-fail.patch
+Patch002: tcsh-6.22.02-call-seterror-consistently-and-abort-quickly.patch
+Patch003: tcsh-6.22.02-avoid-crashing-when-loading-corrupted-history.patch


 # Downstream patches -- these should be always included when doing rebase:
@ -177,6 +179,9 @@ fi
 # =============================================================================

 %changelog
+* Wed Oct 14 2020 Jan Macku <jamacku@redhat.com> - 6.22.02-5
+- Switch to stderror() when parsing history so that we stop processing immediately to avoid crashes
+
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.22.02-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild