d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not strip CTL* escapes from redirection filenames in argstr(); they

Browse Source 
are later stripped with rmescapes() in expandarg(). If the filename has
already been unescaped, doing it again in rmescapes() can walk off the
end of the string, leading to memory corruption and eventually SIGSEGV.

Noticed by:	kris
This commit is contained in:
Tim J. Robbins 2002-10-08 11:22:49 +00:00
parent ae02ceb621
commit c121fd80b8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/sh/expand.c
View File

@ -213,7 +213,7 @@ STATIC void
argstr(char *p, int flag)
{
char c;
int quotes = flag & (EXP_FULL | EXP_CASE); /* do CTLESC */
int quotes = flag & (EXP_FULL | EXP_CASE | EXP_REDIR); /* do CTLESC */
int firsteq = 1;
if (*p == '~' && (flag & (EXP_TILDE | EXP_VARTILDE)))