In-reply-to: <38446-1558175484.765409@Nwft.Kz_v.zVUJ>
From: Oliver Kiddle
References: <21436-1557865831.121649@2P7I.HAU9.QsaG> <889eb5518ad0f98899ba24c2f3e95a87f7cc3df6.camel@ntlworld.com> <38446-1558175484.765409@Nwft.Kz_v.zVUJ>
To: zsh-workers@zsh.org
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Tue, 21 May 2019 16:43:47 +0200
Message-ID: <8241-1558449827.736091@IynH.PVDp.gkHU>

The following patch is one approach to fixing the last of these bugs.
There may be a cleaner approach relying on the WC_SUBLIST_END tags,
probably involving removing this whole block which is looking ahead to
the next wordcode rather than leaving it for the next iteration of the
big loop. But that would be a much bigger change with a greater chance
of breaking things.

The choice of "!" or "! " is a bit tricky and there may be some odd
cases remaining wherever ! is used without something to negate.

The code in exec.c that checks WC_SUBLIST_SKIP on the next code before
knowing that it is a sublist is harmless because it only assigns the
result to the next variable for later use. It still feels somewhat
impure to my taste but I've left it.

The patch also adds tests.

Oliver

diff --git a/Src/text.c b/Src/text.c index 3658b1bc6..a4191bf1a 100644 --- a/Src/text.c +++ b/Src/text.c 
@@ -470,8 +470,13 @@ gettext2(Estate state) " || " : " && "); s->code = *state->pc++; s->pop = (WC_SUBLIST_TYPE(s->code) == WC_SUBLIST_END); - if (WC_SUBLIST_FLAGS(s->code) & WC_SUBLIST_NOT) - taddstr("! "); + if (WC_SUBLIST_FLAGS(s->code) & WC_SUBLIST_NOT) { + if (WC_SUBLIST_SKIP(s->code) == 0) + stack = 1; + taddstr((stack || (!(WC_SUBLIST_FLAGS(s->code) & + WC_SUBLIST_SIMPLE) && wc_code(*state->pc) != + WC_PIPE)) ? "!" : "! "); + } if (WC_SUBLIST_FLAGS(s->code) & WC_SUBLIST_COPROC) taddstr("coproc "); } diff --git a/Test/A01grammar.ztst b/Test/A01grammar.ztst index 1ed3cb6b7..c8600d4cb 100644 --- a/Test/A01grammar.ztst +++ b/Test/A01grammar.ztst @@ -76,6 +76,39 @@ 0:Basic current shell list with error >false + fn() { : && ! ; : } + functions -x3 fn + fn +0:End of sublist containing ! with no command +>fn () { +> : && ! +> : +>} + + if [[ m -eq y ]]; then + : && ! + : + fi +0:! followed by no further commands + + fn() { ! {!} && ! (!) || ! {!} } + functions -x2 fn + fn +0:exclamation marks without following commands +>fn () { +> ! { +> ! +> } && ! ( +> ! +> ) || ! { +> ! +> } +>} + + ! | true +1:! followed by no command but by a pipe +?(eval):1: parse error near `|' + # # Tests for `Precommand Modifiers' #
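
Review bot: in the gettext2() hunk of Src/text.c, the argument to taddstr() folds three conditions (stack, WC_SUBLIST_SIMPLE being unset, and the next wordcode not being WC_PIPE) into a single ternary with no comment, so a reader cannot tell which inputs yield "!" and which yield "! ". Please add a comment stating the rule, and consider hoisting WC_SUBLIST_FLAGS(s->code) into a local, since it is now evaluated three times. The `stack = 1` assignment under WC_SUBLIST_SKIP(s->code) == 0 also needs a line explaining why a zero skip is handled at this point. As written it is the only thing in the hunk that keeps the `*state->pc` lookahead from being evaluated in that case, and that dependency is easy to break in a later edit.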
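
Review bot: in the Test/A01grammar.ztst hunk, the second added case ("! followed by no further commands") asserts only exit status 0 and never calls `functions`, so unlike its neighbours it does not check any text produced by gettext2(). If it is meant as a regression test for the exec.c path mentioned in the message, a short comment saying so would keep it from being pruned as redundant. Its condition `[[ m -eq y ]]` compares two parameter names that the test never sets, so the branch taken depends on whatever earlier tests left in `m` and `y`. A condition with explicit values would make the case self-contained. The first and third cases also use different indent arguments (`-x3` and `-x2`) without a stated reason. If the difference is not deliberate, using one value would make the expected output easier to compare.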