File CVE-2021-45444.patch of Package zsh.23099

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2021-45444.patch of Package zsh.23099

diff --color -ruN zsh-5.0.5.ori/ChangeLog zsh-5.0.5.new/ChangeLog
--- zsh-5.0.5.ori/ChangeLog	2014-01-05 19:24:34.000000000 +0100
+++ zsh-5.0.5.new/ChangeLog	2022-02-28 11:41:02.574470335 +0100
@@ -1,3 +1,8 @@
+2022-01-27  dana  <dana@dana.is>
+
+	* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
+	PROMPT_SUBST
+
 2014-01-05  Peter Stephenson  <p.w.stephenson@ntlworld.com>
 
 	* unposted: Config/version.mk, Doc/Zsh/compsys.yo: update
@@ -87,7 +92,7 @@
 2013-12-20  Barton E. Schaefer  <schaefer@zsh.org>
 
 	* 32172; Test/A05execution.ztst: regression test for 32171
-	
+
 	* 32171: Src/exec.c: fix leaked pipe descriptor that could
 	deadlock a pipeline from a complex shell construct or function
 	into an external command
diff --color -ruN zsh-5.0.5.ori/Src/prompt.c zsh-5.0.5.new/Src/prompt.c
--- zsh-5.0.5.ori/Src/prompt.c	2013-11-27 20:00:20.000000000 +0100
+++ zsh-5.0.5.new/Src/prompt.c	2022-02-28 11:32:37.114333714 +0100
@@ -241,6 +241,12 @@
 	bv->fm += 2; /* skip over F{ */
 	if ((ep = strchr(bv->fm, '}'))) {
 	    char oc = *ep, *col, *coll;
+        int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
+        int opp = opts[PROMPTPERCENT];
+
+        opts[PROMPTPERCENT] = 1;
+        opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
+
 	    *ep = '\0';
 	    /* expand the contents of the argument so you can use
 	     * %v for example */
@@ -249,6 +255,10 @@
 	    arg = match_colour((const char **)&coll, is_fg, 0);
 	    free(col);
 	    bv->fm = ep;
+
+        opts[PROMPTSUBST] = ops;
+        opts[PROMPTBANG] = opb;
+        opts[PROMPTPERCENT] = opp;
 	} else {
 	    arg = match_colour((const char **)&bv->fm, is_fg, 0);
 	    if (*bv->fm != '}')

Places

File CVE-2021-45444.patch of Package zsh.23099

Places