Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
zsh
CVE-2018-1083.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-1083.patch of Package zsh
commit 259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 Author: Oliver Kiddle <okiddle@yahoo.co.uk> Date: Sat Mar 24 15:04:39 2018 +0100 42519, CVE-2018-1083: check bounds on PATH_MAX-sized buffer used for file completion candidates commit 259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 Author: Oliver Kiddle <okiddle@yahoo.co.uk> Date: Sat Mar 24 15:04:39 2018 +0100 42519, CVE-2018-1083: check bounds on PATH_MAX-sized buffer used for file completion candidates Index: zsh-5.0.5/Src/Zle/compctl.c =================================================================== --- zsh-5.0.5.orig/Src/Zle/compctl.c +++ zsh-5.0.5/Src/Zle/compctl.c @@ -2156,6 +2156,8 @@ gen_matches_files(int dirs, int execs, i if (prpre && *prpre) { pathpref = dupstring(prpre); unmetafy(pathpref, &pathpreflen); + if (pathpreflen > PATH_MAX) + return; /* system needs NULL termination, not provided by unmetafy */ pathpref[pathpreflen] = '\0'; } else { @@ -2198,6 +2200,8 @@ gen_matches_files(int dirs, int execs, i * the path buffer by appending the filename. */ ums = dupstring(n); unmetafy(ums, ¨en); + if (umlen + pathpreflen + 1 > PATH_MAX) + continue; memcpy(q, ums, umlen); q[umlen] = '\0'; /* And do the stat. */ @@ -2212,6 +2216,8 @@ gen_matches_files(int dirs, int execs, i /* We have to test for a path suffix. */ int o = strlen(p), tt; + if (o + strlen(psuf) > PATH_MAX) + continue; /* Append it to the path buffer. */ strcpy(p + o, psuf);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor