projects / freebsd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 991c192) | patch
sh: Fix out of bounds read when there is no ] after a [:class:].
authorjilles <jilles@FreeBSD.org>
Tue, 25 Aug 2015 21:55:15 +0000 (21:55 +0000)
committerjilles <jilles@FreeBSD.org>
Tue, 25 Aug 2015 21:55:15 +0000 (21:55 +0000)
commit424480153f3c8a83b9eda291dae7ff5e112baf4c
treeb2ac90e4331870b125760317c214fd30b95887eftree | snapshot
parent991c19271a64bddd1f8bb9842dd695986630d505commit | diff
sh: Fix out of bounds read when there is no ] after a [:class:].

The initial check for a matching ] was incorrect if a ] may be consumed by a
[:class:]. The subsequent loop assumed that there must be a ].

Remove the initial check and make the loop cope with a missing ].

Found with afl-fuzz.

MFC after: 1 week
bin/sh/expand.c diff | blob | blame | history
bin/sh/tests/builtins/Makefile diff | blob | blame | history
bin/sh/tests/builtins/case20.0 [new file with mode: 0644] blob
FreeBSD Project Source