[Bug 226948] [PATCH] usr.bin/apply: segmentation fault with blank magic character
bugzilla-noreply at freebsd.org
Mon Mar 26 13:30:14 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226948
Bug ID: 226948
Summary: [PATCH] usr.bin/apply: segmentation fault with blank magic character
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: tobias at stoeckmann.org
Created attachment 191838
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=191838&action=edit
Patch to fix the issue
I have encountered and fixed an issue when the magic character ' ' is used.
apply(1) checks for magic numbers to substitute. These magic numbers are used
for argument substitution. You could write a command like
$ apply '2to3 %1 %2' test1.py test2.py
Which would run "2to3 test1.py test2.py". The magic character '%' can be
replaced with the option -a. In my case, I replace it with ' '.
The issue is that the check for magic numbers and actual replacement happen in two
different parts of the code. Between them, the command is prepended with "exec
", which is used for the shell invocation later on.
The bug is triggered with an invocation like this:
$ apply -a ' ' 2to3 test.py
Segmentation fault (core dumped)
$ _
The check for magic numbers is negative, because "2to3" has no magic number.
But right after the check, it's extended to "exec 2to3". As I changed the magic
character from '%' to ' ', suddenly it DOES contain a magic number.
The code does not properly verify afterwards if enough arguments have been
supplied and tries to access argv[2], which is NULL. The command crashes.
This patch is based on my merge attempt of a previous FreeBSD bug into OpenBSD.
You can see the discussion and OpenBSD's version of the patch here:
https://marc.info/?l=openbsd-tech&m=152180028615405&w=2
--
You are receiving this mail because:
You are the assignee for the bug.
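
The ordering problem described in the report above, as an added C example that is not part of the original report, the attached patch, or apply(1)'s source. It is a simplified model: the magic-number scan is run on the command before and after the "exec " prefix is added, and the builder validates the final string against the argument count. The names max_magic and build_checked are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define EXEC "exec "

/* Highest digit 1-9 that directly follows the magic character in s, or 0. */
static int max_magic(const char *s, char magic)
{
    int n = 0;
    for (; s[0] != '\0'; s++)
        if (s[0] == magic && isdigit((unsigned char)s[1]) && s[1] != '0' &&
            s[1] - '0' > n)
            n = s[1] - '0';
    return n;
}

/*
 * Build the final command into out, then validate the string that the
 * substitution stage will consume rather than the user's original input.
 * Returns 0 if every reference is covered by nargs, -1 otherwise.
 */
static int build_checked(char *out, size_t outsz, const char *cmd,
                         char magic, int nargs)
{
    int len = snprintf(out, outsz, EXEC "%s", cmd);
    if (len < 0 || (size_t)len >= outsz)
        return -1;                      /* command would be truncated */
    return max_magic(out, magic) <= nargs ? 0 : -1;
}

int main(void)
{
    char buf[64];
    const char *cmd = "2to3";           /* command from the report */
    int nargs = 1;                      /* one file argument: test.py */

    /* Scan of the raw command finds nothing when the magic char is ' '. */
    printf("before prefix: %d\n", max_magic(cmd, ' '));
    /* The prefixed string "exec 2to3" contains " 2", i.e. argument 2. */
    printf("checked build, magic ' ': %d\n",
           build_checked(buf, sizeof buf, cmd, ' ', nargs));
    printf("after prefix:  %d\n", max_magic(buf, ' '));
    /* With the default '%' the prefix adds no reference. */
    printf("checked build, magic '%%': %d\n",
           build_checked(buf, sizeof buf, cmd, '%', nargs));
    return 0;
}
```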