diff options
author | Leo Famulari <leo@famulari.name> | 2018-03-09 20:06:39 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-03-10 12:30:53 -0500 |
commit | f55aa0c7b72c6e4f08f77aa84e196895182860e7 (patch) | |
tree | bc4d840d591d12975976d97880f35918614295b0 /gnu/packages/patches/zsh-CVE-2018-7548.patch | |
parent | 488ea71ed855ef6ee72a10751e4d57f598628393 (diff) | |
download | guix-f55aa0c7b72c6e4f08f77aa84e196895182860e7.tar.gz |
gnu: zsh: Fix CVE-2018-{7548,7549}.
* gnu/packages/patches/zsh-CVE-2018-7548.patch, gnu/packages/patches/zsh-CVE-2018-7549.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/shells.scm (zsh)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/zsh-CVE-2018-7548.patch')
-rw-r--r-- | gnu/packages/patches/zsh-CVE-2018-7548.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/gnu/packages/patches/zsh-CVE-2018-7548.patch b/gnu/packages/patches/zsh-CVE-2018-7548.patch new file mode 100644 index 0000000000..1ee15fad73 --- /dev/null +++ b/gnu/packages/patches/zsh-CVE-2018-7548.patch @@ -0,0 +1,48 @@ +Fix CVE-2018-7548: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548 + +Patch copied from upstream source repository: + +https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 + +From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001 +From: Joey Pabalinas <joeypabalinas@gmail.com> +Date: Tue, 23 Jan 2018 22:28:08 -0800 +Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an + empty array result + +--- + ChangeLog | 5 +++++ + Src/subst.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +#diff --git a/ChangeLog b/ChangeLog +#index d2ba94afc..3037edda4 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -1,3 +1,8 @@ +#+2018-01-23 Barton E. Schaefer <schaefer@zsh.org> +#+ +#+ * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref +#+ when using ${(PA)...} on an empty array result +#+ +# 2018-01-23 Oliver Kiddle <okiddle@yahoo.co.uk> +# +# * 42317: Completion/Linux/Command/_cryptsetup, +diff --git a/Src/subst.c b/Src/subst.c +index d027e3d83..a265a187e 100644 +--- a/Src/subst.c ++++ b/Src/subst.c +@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags, + val = aval[0]; + isarr = 0; + } +- s = dyncat(val, s); ++ s = val ? dyncat(val, s) : dupstring(s); + /* Now behave po-faced as if it was always like that... */ + subexp = 0; + /* +-- +2.16.2 + |