From: Bart Schaefer
Date: Sat, 22 Apr 2023 13:55:35 -0700
Subject: Re: Discovery of 3 Bugs in Zsh
To: Johenan Li
Cc: "zsh-workers@zsh.org"

On Sat, Apr 22, 2023 at 10:46 AM Johenan Li wrote:
>
> Machine and OS: Ubuntu 20.04.1 x86-64
> Compilation flags: "./configure --enable-zsh-debug CC=afl-cc CXX=afl-c++" with ASan and UBSan instrumentation.

Which zsh sources did you compile?

> The bugs can be replicated by running the following commands:
> 1.zsh < bug_4
> 2.zsh < bug_7
> 3.The memory leak can be triggered by running zsh and then immediately exiting.

Thanks for reporting, but:
- bug_4 looks like a shell command history and won't produce equivalent results outside your local host. Furthermore, it contains a "reboot" command, as well as a "sudo" and a couple "vim", so I would not recommend anyone attempt sourcing it.
- bug_7 is not in the attached zip
- bug_17 is a binary file? Is it really intended to be directed to the shell input?
- memory that leaks only at shell exit (doesn't grow or leak repeatedly during shell execution) has not typically been considered a bug.

> I would appreciate it if you could allocate appropriate CVE numbers for these issues and get back to me as soon as possible.

We do not typically allocate CVEs unless an identified security issue has been found.
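
A pre-flight check of the kind this reply implies before anyone runs `zsh < file` on a submitted reproducer, as an added example that is not part of the original message or of the zsh project. The command lists, function names and sample inputs are constructed assumptions for illustration.

```python
import os
import re

# Assumed, illustrative lists; extend for your environment.
SIDE_EFFECT = {"reboot", "shutdown", "halt", "poweroff", "sudo", "su", "rm", "dd"}
INTERACTIVE = {"vim", "vi", "nano", "less", "top"}
ASSIGNMENT = re.compile(r"[A-Za-z_]\w*=.*")

def looks_binary(data: bytes) -> bool:
    """NUL bytes or invalid UTF-8 suggest the file is not shell text."""
    if b"\x00" in data:
        return True
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False

def command_words(text: str):
    """Yield the command name of each simple command (split on ; | & newline)."""
    for segment in re.split(r"[;|&\n]+", text):
        words = segment.split()
        while words and ASSIGNMENT.fullmatch(words[0]):
            words.pop(0)  # skip leading VAR=value prefixes
        if words:
            yield os.path.basename(words[0])

def triage(data: bytes) -> dict:
    """Classify a reproducer before it is ever fed to a shell's stdin."""
    if looks_binary(data):
        return {"binary": True, "side_effects": [], "interactive": [], "needs_review": True}
    names = set(command_words(data.decode("utf-8")))
    side, inter = sorted(names & SIDE_EFFECT), sorted(names & INTERACTIVE)
    return {"binary": False, "side_effects": side, "interactive": inter,
            "needs_review": bool(side or inter)}

# Constructed sample inputs (not the files attached to the report).
HISTORY_LIKE = b"cd ~/src\nls -la\nsudo apt update\nvim notes.txt\nmake && ./a.out\nreboot\n"
BINARY_LIKE = b"\x7fELF\x02\x01\x01\x00\x00\x00"
MINIMAL = b"x=1; echo ${x:-y} | cat\n"

if __name__ == "__main__":
    for name, blob in [("history", HISTORY_LIKE), ("binary", BINARY_LIKE), ("minimal", MINIMAL)]:
        print(name, triage(blob))
```

A file flagged `needs_review` should be read by a person and, if replayed at all, run only in a disposable VM or container.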