From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1]) by sourceware.org (Postfix) with ESMTPS id 196213857419 for ; Tue, 6 Jul 2021 19:09:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 196213857419 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=aurel32.net Authentication-Results: sourceware.org; spf=none smtp.mailfrom=aurel32.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aurel32.net ; s=202004.hall; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date: Subject:Cc:To:From:Content-Type:From:Reply-To:Subject:Content-ID: Content-Description:In-Reply-To:References:X-Debbugs-Cc; bh=dz3AttkJBO9ksBVb9OMsVJK+84EfrkR+Gy3Is1zXFuA=; b=kb3+YgOT2tgXfzv1kcVqGU2mGQ udQ8y33J2hgF7/RixaQO1CyPVaAzS1xfk8pfs4BGYIOzmF+KPK0rJ7KsaXYDR4rfZSahzwA+CKcKZ ZIBDxB7Ul0aYGdH+bYSJguF06Cg135Nkx9rP3Y7JpWlc7pJioTq4epuspa9z/7ec07vqMYbCz8PjZ wuhcmTxR7VPAOkzmol7C8Llgnbuq2o7pJhKEvcSDTyyxY+G3dViWK6WY0BTOmL5N/uRi3g/J9Weol aTLtDgCIs3dcLaAHBDMGxUSLWhFa7RQBaQnRjCCMB7bQ5vuId0/aGiFYceks/Oeg/gdnDbnrIjtk7 j/y94zwQ==; Received: from [2a01:e34:ec5d:a741:8a4c:7c4e:dc4c:1787] (helo=ohm.rr44.fr) by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1m0qRO-0005Zc-Dx; Tue, 06 Jul 2021 21:09:06 +0200 Received: from aurel32 by ohm.rr44.fr with local (Exim 4.94.2) (envelope-from ) id 1m0qRJ-006d4z-Uw; Tue, 06 Jul 2021 21:09:01 +0200 From: Aurelien Jarno To: libc-stable@sourceware.org Cc: Andreas Schwab Subject: [COMMITTED 2.33] wordexp: handle overflow in positional parameter number (bug 28011) Date: Tue, 6 Jul 2021 21:08:58 +0200 Message-Id: <20210706190858.1580120-1-aurelien@aurel32.net> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_PASS, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-stable@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-stable mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jul 2021 19:09:09 -0000 From: Andreas Schwab Use strtoul instead of atoi so that overflow can be detected. (cherry picked from commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c) --- posix/wordexp-test.c | 1 + posix/wordexp.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c index f93a546d7e..9df02dbbb3 100644 --- a/posix/wordexp-test.c +++ b/posix/wordexp-test.c @@ -183,6 +183,7 @@ struct test_case_struct { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, { 0, NULL, "", 0, 0, { NULL, }, IFS }, + { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, /* Flags not already covered (testit() has special handling for these) */ { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, diff --git a/posix/wordexp.c b/posix/wordexp.c index bcbe96e48d..1f3b09f721 100644 --- a/posix/wordexp.c +++ b/posix/wordexp.c @@ -1399,7 +1399,7 @@ envsubst: /* Is it a numeric parameter? */ else if (isdigit (env[0])) { - int n = atoi (env); + unsigned long n = strtoul (env, NULL, 10); if (n >= __libc_argc) /* Substitute NULL. */ -- 2.30.2