| From 9ce87af4ced4e21258e6003f1fb65b05ca5a7d14 Mon Sep 17 00:00:00 2001
 | |
| From: Oliver Kiddle <opk@zsh.org>
 | |
| Date: Wed, 15 Dec 2021 01:56:40 +0100
 | |
| Subject: [PATCH] security/41: Don't perform PROMPT_SUBST evaluation on %F/%K
 | |
|  arguments
 | |
| 
 | |
| Mitigates CVE-2021-45444
 | |
| 
 | |
| Upstream-commit: c187154f47697cdbf822c2f9d714d570ed4a0fd1
 | |
| Signed-off-by: Kamil Dudka <kdudka@redhat.com>
 | |
| ---
 | |
|  Src/prompt.c | 10 ++++++++++
 | |
|  1 file changed, 10 insertions(+)
 | |
| 
 | |
| diff --git a/Src/prompt.c b/Src/prompt.c
 | |
| index 95da525..1368f8e 100644
 | |
| --- a/Src/prompt.c
 | |
| +++ b/Src/prompt.c
 | |
| @@ -244,6 +244,12 @@ parsecolorchar(int arg, int is_fg)
 | |
|  	bv->fm += 2; /* skip over F{ */
 | |
|  	if ((ep = strchr(bv->fm, '}'))) {
 | |
|  	    char oc = *ep, *col, *coll;
 | |
| +	    int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
 | |
| +	    int opp = opts[PROMPTPERCENT];
 | |
| +
 | |
| +	    opts[PROMPTPERCENT] = 1;
 | |
| +	    opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
 | |
| +
 | |
|  	    *ep = '\0';
 | |
|  	    /* expand the contents of the argument so you can use
 | |
|  	     * %v for example */
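Review bot: The block that saves `opts[PROMPTSUBST]`, `opts[PROMPTBANG]` and `opts[PROMPTPERCENT]` and then forces them to 0, 0 and 1 has no comment saying why. The only explanation left in the code is the older "so you can use %v" comment, which makes the override look like something a later cleanup could remove. I would add above the assignments something like `/* the argument may hold text the user did not write (e.g. via %v): expand % escapes only, never PROMPT_SUBST or PROMPT_BANG (CVE-2021-45444) */`. The expansion call sits between this hunk and the next and is not visible here, so this presumes it reads these globals at call time.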
 | |
| @@ -252,6 +258,10 @@ parsecolorchar(int arg, int is_fg)
 | |
|  	    arg = match_colour((const char **)&coll, is_fg, 0);
 | |
|  	    free(col);
 | |
|  	    bv->fm = ep;
 | |
| +
 | |
| +	    opts[PROMPTSUBST] = ops;
 | |
| +	    opts[PROMPTBANG] = opb;
 | |
| +	    opts[PROMPTPERCENT] = opp;
 | |
|  	} else {
 | |
|  	    arg = match_colour((const char **)&bv->fm, is_fg, 0);
 | |
|  	    if (*bv->fm != '}')
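Review bot: The restore of `opts[PROMPTSUBST]`, `opts[PROMPTBANG]` and `opts[PROMPTPERCENT]` only runs when control reaches the end of this branch in a straight line, and `opts` looks like shared shell state. No early exit is visible in either hunk, but the lines between the save and `match_colour()` lie outside them. If any path there can leave `parsecolorchar`, the shell would keep PROMPT_SUBST and PROMPT_BANG switched off afterwards. A short comment such as `/* restore the options overridden before the expansion above */` would keep the save/restore pair together for later edits. The diffstat shows only Src/prompt.c changed, so a regression test covering %F and %K arguments with PROMPT_SUBST set would be worth adding alongside.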
 | |
| -- 
 | |
| 2.34.1
 | |
| 
 |