[PATCH][BZ #18096] Handle null dereferences in wordexp

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

* [PATCH][BZ #18096] Handle null dereferences in wordexp
@ 2015-07-12  7:49 Ondřej Bílka
  2015-07-28  3:22 ` Mike Frysinger
  2015-08-12 14:41 ` [ping][PATCH][BZ " Ondřej Bílka
  0 siblings, 2 replies; 5+ messages in thread
From: Ondřej Bílka @ 2015-07-12  7:49 UTC (permalink / raw)
  To: libc-alpha

Hi,

Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
libc-alpha.

These look good for me. Carlos, could you commit it?


diff --git a/posix/wordexp.c b/posix/wordexp.c
index e711d43..d3f3764 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
 	      ++(*offset);
 
 	      /* Go - evaluate. */
-	      if (*expr && eval_expr (expr, &numresult) != 0)
+	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
 		{
 		  free (expr);
 		  return WRDE_SYNTAX;
@@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
 	      long int numresult = 0;
 
 	      /* Go - evaluate. */
-	      if (*expr && eval_expr (expr, &numresult) != 0)
+	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
 		{
 		  free (expr);
 		  return WRDE_SYNTAX;
@@ -1843,11 +1843,11 @@ envsubst:
 	  if (!colon_seen && value)
 	    /* Substitute NULL */
 	    ;
-	  else
+	  else if (flags & WRDE_SHOWERR)
 	    {
 	      const char *str = pattern;
 
-	      if (str[0] == '\0')
+	      if (str && str[0] == '\0')
 		str = _("parameter null or not set");
 
 	      __fxprintf (NULL, "%s: %s\n", env, str);

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH][BZ #18096] Handle null dereferences in wordexp
  2015-07-12  7:49 [PATCH][BZ #18096] Handle null dereferences in wordexp Ondřej Bílka
@ 2015-07-28  3:22 ` Mike Frysinger
  2015-07-28  6:33   ` Ondřej Bílka
  2015-08-12 14:41 ` [ping][PATCH][BZ " Ondřej Bílka
  1 sibling, 1 reply; 5+ messages in thread
From: Mike Frysinger @ 2015-07-28  3:22 UTC (permalink / raw)
  To: Ondřej Bílka; +Cc: libc-alpha

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

On 12 Jul 2015 09:49, Ondřej Bílka wrote:
> -	  else
> +	  else if (flags & WRDE_SHOWERR)

i don't think this falls under the banner of preventing NULL derefs
-mike

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH][BZ #18096] Handle null dereferences in wordexp
  2015-07-28  3:22 ` Mike Frysinger
@ 2015-07-28  6:33   ` Ondřej Bílka
  0 siblings, 0 replies; 5+ messages in thread
From: Ondřej Bílka @ 2015-07-28  6:33 UTC (permalink / raw)
  To: libc-alpha

On Mon, Jul 27, 2015 at 11:22:28PM -0400, Mike Frysinger wrote:
> On 12 Jul 2015 09:49, OndÅ™ej BÃlka wrote:
> > -	  else
> > +	  else if (flags & WRDE_SHOWERR)
> 
> i don't think this falls under the banner of preventing NULL derefs

I just took original patch from bugzilla. It was there with rationale
that printing whats in branch is also a bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [ping][PATCH][BZ #18096] Handle null dereferences in wordexp
  2015-07-12  7:49 [PATCH][BZ #18096] Handle null dereferences in wordexp Ondřej Bílka
  2015-07-28  3:22 ` Mike Frysinger
@ 2015-08-12 14:41 ` Ondřej Bílka
  2015-08-19  9:23   ` [ping^2][PATCH][BZ " Ondřej Bílka
  1 sibling, 1 reply; 5+ messages in thread
From: Ondřej Bílka @ 2015-08-12 14:41 UTC (permalink / raw)
  To: libc-alpha

ping
On Sun, Jul 12, 2015 at 09:49:17AM +0200, OndÅ™ej BÃlka wrote:
> Hi,
> 
> Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
> libc-alpha.
> 
> These look good for me. Carlos, could you commit it?
> 
> 
> diff --git a/posix/wordexp.c b/posix/wordexp.c
> index e711d43..d3f3764 100644
> --- a/posix/wordexp.c
> +++ b/posix/wordexp.c
> @@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
>  	      ++(*offset);
>  
>  	      /* Go - evaluate. */
> -	      if (*expr && eval_expr (expr, &numresult) != 0)
> +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
>  		{
>  		  free (expr);
>  		  return WRDE_SYNTAX;
> @@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
>  	      long int numresult = 0;
>  
>  	      /* Go - evaluate. */
> -	      if (*expr && eval_expr (expr, &numresult) != 0)
> +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
>  		{
>  		  free (expr);
>  		  return WRDE_SYNTAX;
> @@ -1843,11 +1843,11 @@ envsubst:
>  	  if (!colon_seen && value)
>  	    /* Substitute NULL */
>  	    ;
> -	  else
> +	  else if (flags & WRDE_SHOWERR)
>  	    {
>  	      const char *str = pattern;
>  
> -	      if (str[0] == '\0')
> +	      if (str && str[0] == '\0')
>  		str = _("parameter null or not set");
>  
>  	      __fxprintf (NULL, "%s: %s\n", env, str);

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [ping^2][PATCH][BZ #18096] Handle null dereferences in wordexp
  2015-08-12 14:41 ` [ping][PATCH][BZ " Ondřej Bílka
@ 2015-08-19  9:23   ` Ondřej Bílka
  0 siblings, 0 replies; 5+ messages in thread
From: Ondřej Bílka @ 2015-08-19  9:23 UTC (permalink / raw)
  To: libc-alpha

ping
On Wed, Aug 12, 2015 at 02:22:16PM +0200, OndÅ™ej BÃlka wrote:
> ping
> On Sun, Jul 12, 2015 at 09:49:17AM +0200, OndÅ™ej BÃlka wrote:
> > Hi,
> > 
> > Kostya, and Carlos wrote this patch on bugzilla but I didn't seen it on
> > libc-alpha.
> > 
> > These look good for me. Carlos, could you commit it?
> > 
> > 
> > diff --git a/posix/wordexp.c b/posix/wordexp.c
> > index e711d43..d3f3764 100644
> > --- a/posix/wordexp.c
> > +++ b/posix/wordexp.c
> > @@ -740,7 +740,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
> >  	      ++(*offset);
> >  
> >  	      /* Go - evaluate. */
> > -	      if (*expr && eval_expr (expr, &numresult) != 0)
> > +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
> >  		{
> >  		  free (expr);
> >  		  return WRDE_SYNTAX;
> > @@ -778,7 +778,7 @@ parse_arith (char **word, size_t *word_length, size_t *max_length,
> >  	      long int numresult = 0;
> >  
> >  	      /* Go - evaluate. */
> > -	      if (*expr && eval_expr (expr, &numresult) != 0)
> > +	      if (expr && *expr && eval_expr (expr, &numresult) != 0)
> >  		{
> >  		  free (expr);
> >  		  return WRDE_SYNTAX;
> > @@ -1843,11 +1843,11 @@ envsubst:
> >  	  if (!colon_seen && value)
> >  	    /* Substitute NULL */
> >  	    ;
> > -	  else
> > +	  else if (flags & WRDE_SHOWERR)
> >  	    {
> >  	      const char *str = pattern;
> >  
> > -	      if (str[0] == '\0')
> > +	      if (str && str[0] == '\0')
> >  		str = _("parameter null or not set");
> >  
> >  	      __fxprintf (NULL, "%s: %s\n", env, str);

-- 

paradigm shift...without a clutch

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2015-08-19  9:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-12  7:49 [PATCH][BZ #18096] Handle null dereferences in wordexp Ondřej Bílka
2015-07-28  3:22 ` Mike Frysinger
2015-07-28  6:33   ` Ondřej Bílka
2015-08-12 14:41 ` [ping][PATCH][BZ " Ondřej Bílka
2015-08-19  9:23   ` [ping^2][PATCH][BZ " Ondřej Bílka

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).