summary refs log tree commit diff
path: root/gnu/packages/patches/zsh-CVE-2018-7548.patch
blob: 1ee15fad73810680741ed233d84475ff60cb73fe (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Fix CVE-2018-7548:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548

Patch copied from upstream source repository:

https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102

From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001
From: Joey Pabalinas <joeypabalinas@gmail.com>
Date: Tue, 23 Jan 2018 22:28:08 -0800
Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an
 empty array result

---
 ChangeLog   | 5 +++++
 Src/subst.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

#diff --git a/ChangeLog b/ChangeLog
#index d2ba94afc..3037edda4 100644
#--- a/ChangeLog
#+++ b/ChangeLog
#@@ -1,3 +1,8 @@
#+2018-01-23  Barton E. Schaefer  <schaefer@zsh.org>
#+
#+       * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref
#+       when using ${(PA)...} on an empty array result
#+
# 2018-01-23  Oliver Kiddle  <okiddle@yahoo.co.uk>
# 
#        * 42317: Completion/Linux/Command/_cryptsetup,
diff --git a/Src/subst.c b/Src/subst.c
index d027e3d83..a265a187e 100644
--- a/Src/subst.c
+++ b/Src/subst.c
@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags,
 		val = aval[0];
 		isarr = 0;
 	    }
-	    s = dyncat(val, s);
+	    s = val ? dyncat(val, s) : dupstring(s);
 	    /* Now behave po-faced as if it was always like that... */
 	    subexp = 0;
 	    /*
-- 
2.16.2