From: Oliver Kiddle <okiddle@yahoo.co.uk>
To: zsh-workers@zsh.org
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Tue, 21 May 2019 16:43:47 +0200 [thread overview]
Message-ID: <8241-1558449827.736091@IynH.PVDp.gkHU> (raw)
In-Reply-To: <38446-1558175484.765409@Nwft.Kz_v.zVUJ>
The following patch is one approach to fixing the last of these bugs.
There may be a cleaner approach relying on the WC_SUBLIST_END tags,
probably involving removing this whole block which is looking ahead to
the next wordcode rather than leaving it for the next iteration of the
big loop. But that would be a much bigger change with a greater chance
of breaking things.
The choice of "!" or "! " is a bit tricky and there may be some odd
cases remaining wherever ! is used without something to negate.
The code in exec.c that checks WC_SUBLIST_SKIP on the next code before
knowing that it is a sublist is harmless because it only assigns the
result to the next variable for later use. It still feels somewhat
impure to my taste but I've left it.
The patch also adds tests.
Oliver
diff --git a/Src/text.c b/Src/text.c
index 3658b1bc6..a4191bf1a 100644
--- a/Src/text.c
+++ b/Src/text.c
@@ -470,8 +470,13 @@ gettext2(Estate state)
" || " : " && ");
s->code = *state->pc++;
s->pop = (WC_SUBLIST_TYPE(s->code) == WC_SUBLIST_END);
- if (WC_SUBLIST_FLAGS(s->code) & WC_SUBLIST_NOT)
- taddstr("! ");
+ if (WC_SUBLIST_FLAGS(s->code) & WC_SUBLIST_NOT) {
+ if (WC_SUBLIST_SKIP(s->code) == 0)
+ stack = 1;
+ taddstr((stack || (!(WC_SUBLIST_FLAGS(s->code) &
+ WC_SUBLIST_SIMPLE) && wc_code(*state->pc) !=
+ WC_PIPE)) ? "!" : "! ");
+ }
if (WC_SUBLIST_FLAGS(s->code) & WC_SUBLIST_COPROC)
taddstr("coproc ");
}
diff --git a/Test/A01grammar.ztst b/Test/A01grammar.ztst
index 1ed3cb6b7..c8600d4cb 100644
--- a/Test/A01grammar.ztst
+++ b/Test/A01grammar.ztst
@@ -76,6 +76,39 @@
0:Basic current shell list with error
>false
+ fn() { : && ! ; : }
+ functions -x3 fn
+ fn
+0:End of sublist containing ! with no command
+>fn () {
+> : && !
+> :
+>}
+
+ if [[ m -eq y ]]; then
+ : && !
+ :
+ fi
+0:! followed by no further commands
+
+ fn() { ! {!} && ! (!) || ! {!} }
+ functions -x2 fn
+ fn
+0:exclamation marks without following commands
+>fn () {
+> ! {
+> !
+> } && ! (
+> !
+> ) || ! {
+> !
+> }
+>}
+
+ ! | true
+1:! followed by no command but by a pipe
+?(eval):1: parse error near `|'
+
#
# Tests for `Precommand Modifiers'
#
next prev parent reply other threads:[~2019-05-21 14:44 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-10 15:03 David Wells
2019-05-10 16:37 ` Bart Schaefer
2019-05-12 16:21 ` Stephane Chazelas
2019-05-13 16:29 ` David Wells
2019-05-13 22:02 ` Bart Schaefer
2019-05-14 18:10 ` Stephane Chazelas
2019-05-14 21:24 ` Daniel Shahaf
2019-05-14 21:38 ` Bart Schaefer
2019-05-14 21:39 ` Daniel Shahaf
2019-05-14 22:25 ` Bart Schaefer
2019-05-15 10:48 ` Daniel Shahaf
2019-05-31 12:05 ` [PATCH] [doc] [repost] warnings about restricted shell (Was: Zsh - Multiple DoS Vulnerabilities) Stephane Chazelas
2019-06-03 9:35 ` Peter Stephenson
2019-06-04 2:39 ` dana
2019-06-04 7:34 ` dana
2019-05-10 20:27 ` Zsh - Multiple DoS Vulnerabilities Bart Schaefer
2019-05-11 1:45 ` #7 (typeset -Tp) (was Re: Zsh - Multiple DoS Vulnerabilities) Oliver Kiddle
2019-05-13 9:01 ` Peter Stephenson
2019-05-13 21:11 ` PATCH: #6 negative job id (Re: " Oliver Kiddle
2019-05-13 21:44 ` Zsh - Multiple DoS Vulnerabilities Oliver Kiddle
2019-05-13 22:36 ` #3 typeset and braces (Re: Zsh - Multiple DoS Vulnerabilities) Oliver Kiddle
2019-05-14 0:13 ` Mikael Magnusson
2019-05-14 5:38 ` Bart Schaefer
2019-05-14 10:50 ` Peter Stephenson
2019-05-14 16:38 ` Zsh - Multiple DoS Vulnerabilities Peter Stephenson
2019-05-14 20:30 ` Oliver Kiddle
2019-05-15 16:50 ` Mikael Magnusson
2019-05-16 20:37 ` Peter Stephenson
2019-05-17 13:41 ` Mikael Magnusson
2019-05-17 13:51 ` Mikael Magnusson
2019-05-17 14:28 ` Mikael Magnusson
2019-05-18 10:31 ` Oliver Kiddle
2019-05-21 14:43 ` Oliver Kiddle [this message]
[not found] ` <CGME20190521154256eucas1p1f0816d2467abd8bf4a0c31058af2983a@eucas1p1.samsung.com>
2019-05-21 15:42 ` Peter Stephenson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8241-1558449827.736091@IynH.PVDp.gkHU \
--to=okiddle@yahoo.co.uk \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).