[committed] Fix second instance of BZ #18043

Message ID	CALoOobM_bLg9CtR5vF+nfnhVtoZhKKo8extbCwAwmkNAPOSVLg@mail.gmail.com
State	New
Headers	show Return-Path: <libc-alpha-return-57785-incoming=patchwork.ozlabs.org@sourceware.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:from:date:message-id:subject:to :content-type; q=dns; s=default; b=LYuqqrBa59SLzMZgGxE+KrCqWl2/e hmCQSM5drG4gn9HFEx8LC58mhrdldWfO4/hq1FInvY+gn9lH6NDzBv/rU/WEmKw7 BWiI54f475u55iRa+XdrXgN0NjzLyNnXrmegAwiSVxcoCi3bonp/zYscnM3QVwcW 8NWNP2eZdiQOrM= Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk Sender: libc-alpha-owner@sourceware.org MIME-Version: 1.0 From: Paul Pluzhnikov <ppluzhnikov@gmail.com> Date: Mon, 9 Mar 2015 07:28:08 -0700 Message-ID: <CALoOobM_bLg9CtR5vF+nfnhVtoZhKKo8extbCwAwmkNAPOSVLg@mail.gmail.com> Subject: [patch][committed] Fix second instance of BZ #18043 To: GLIBC Devel <libc-alpha@sourceware.org> Content-Type: multipart/mixed; boundary=001a1134ea06b01c4e0510dbd9c8

Message ID

CALoOobM_bLg9CtR5vF+nfnhVtoZhKKo8extbCwAwmkNAPOSVLg@mail.gmail.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=LYuqqrBa59SLzMZgGxE+KrCqWl2/e
	hmCQSM5drG4gn9HFEx8LC58mhrdldWfO4/hq1FInvY+gn9lH6NDzBv/rU/WEmKw7
	BWiI54f475u55iRa+XdrXgN0NjzLyNnXrmegAwiSVxcoCi3bonp/zYscnM3QVwcW
	8NWNP2eZdiQOrM=
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: libc-alpha-owner@sourceware.org
MIME-Version: 1.0
From: Paul Pluzhnikov <ppluzhnikov@gmail.com>
Date: Mon, 9 Mar 2015 07:28:08 -0700
Message-ID: <CALoOobM_bLg9CtR5vF+nfnhVtoZhKKo8extbCwAwmkNAPOSVLg@mail.gmail.com>
Subject: [patch][committed] Fix second instance of BZ #18043
To: GLIBC Devel <libc-alpha@sourceware.org>
Content-Type: multipart/mixed; boundary=001a1134ea06b01c4e0510dbd9c8

Commit Message

Paul Pluzhnikov March 9, 2015, 2:28 p.m. UTC

Greetings,

I've committed the patch below as obvious.

2015-03-09  Paul Pluzhnikov  <ppluzhnikov@google.com>

       [BZ #18043]
       * posix/wordexp.c (parse_param): Fix buffer overflow.
       * posix/wordexp-test.c (test_case): Add test case.

Comments

Paul Eggert March 9, 2015, 6:19 p.m. UTC | #1

On 03/09/2015 07:28 AM, Paul Pluzhnikov wrote:
> -	  if (strchr ("-=?+", words[1 + *offset]) == NULL)
> +	  if (words[1 + *offset] == '\0'
> +	      || strchr ("-=?+", words[1 + *offset]) == NULL)

For stuff like this, how about using memchr instead?  E.g.,:

    if (! memchr ("-=?+", words[1 + *offset]. sizeof "-=?+" - 1))

This could be done with a macro that uses 'sizeof'.  This would make the 
code smaller and arguably easier to read.

diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
index 845407e..0a353a4 100644
--- a/posix/wordexp-test.c
+++ b/posix/wordexp-test.c
@@ -234,8 +234,9 @@  struct test_case_struct
     { WRDE_CMDSUB, NULL, "$((1+`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
     { WRDE_CMDSUB, NULL, "$((1+$((`echo 1`))))", WRDE_NOCMD, 0, { NULL, }, IFS },
 
-    { WRDE_SYNTAX, NULL, "`\\", 0, 0, { NULL, }, IFS },  /* BZ 18042  */
-    { WRDE_SYNTAX, NULL, "${", 0, 0, { NULL, }, IFS },   /* BZ 18043  */
+    { WRDE_SYNTAX, NULL, "`\\", 0, 0, { NULL, }, IFS },     /* BZ 18042  */
+    { WRDE_SYNTAX, NULL, "${", 0, 0, { NULL, }, IFS },      /* BZ 18043  */
+    { WRDE_SYNTAX, NULL, "L${a:", 0, 0, { NULL, }, IFS },   /* BZ 18043#c4  */
 
     { -1, NULL, NULL, 0, 0, { NULL, }, IFS },
   };
diff --git a/posix/wordexp.c b/posix/wordexp.c
index ae4fd72..36b6fff 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -1343,7 +1343,8 @@  parse_param (char **word, size_t *word_length, size_t *max_length,
 	  break;
 
 	case ':':
-	  if (strchr ("-=?+", words[1 + *offset]) == NULL)
+	  if (words[1 + *offset] == '\0'
+	      || strchr ("-=?+", words[1 + *offset]) == NULL)
 	    goto syntax;
 
 	  colon_seen = 1;

[committed] Fix second instance of BZ #18043

Commit Message

Comments

Patch