[PATCH] hush: Prevent segfault at unexpected EOF in script.

Sat, 10 Feb 2024 07:51:42 -0800 

See https://bugs.buildroot.org/show_bug.cgi?id=15937 .
With this patch the execution of reproducer script
from bugzilla leads to the following output:
'hush: syntax error: unexpected EOF'

Signed-off-by: Dmitry Chestnykh <dm.chestn...@gmail.com>
---
 shell/hush.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/shell/hush.c b/shell/hush.c
index ca01e2b5b..0595ad592 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -6132,6 +6132,10 @@ static int expand_on_ifs(o_string *output, int n, const 
char *str)
 
                if (!*str)  /* EOL - do not finalize word */
                        break;
+
+               if (!G.ifs)
+                       return -1;
+
                word_len = strcspn(str, G.ifs);
                if (word_len) {
                        /* We have WORD_LEN leading non-IFS chars */
@@ -6598,6 +6602,8 @@ static int append_str_maybe_ifs_split(o_string *output, 
int n,
                                !!(output->o_expflags & 
EXP_FLAG_ESC_GLOB_CHARS));
                if (val && val[0])
                        n = expand_on_ifs(output, n, val);
+               if (n < 0)
+                       return n;
        } else { /* quoted "$VAR" */
                output->has_quoted_part = 1;
                debug_printf_expand("quoted '%s', output->o_escape:%d\n", val,
@@ -7129,6 +7135,8 @@ static NOINLINE int expand_vars_to_list(o_string *output, 
int n, char *arg)
                        debug_printf_subst("SUBST RES:%d '%s'\n", 
G.last_exitcode, subst_result.data);
                        n = append_str_maybe_ifs_split(output, n, first_ch, 
subst_result.data);
                        o_free(&subst_result);
+                       if (n < 0)
+                               return n;
                        break;
                }
 #endif
@@ -7215,6 +7223,8 @@ static char **expand_variables(char **argv, unsigned 
expflags)
 
                /* expand argv[i] */
                n = expand_vars_to_list(&output, n, *argv++);
+               if (n < 0)
+                       return NULL;
                /* if (!output->has_empty_slot) -- need this?? */
                        o_addchr(&output, '\0');
        }
@@ -7605,7 +7615,9 @@ static void parse_and_run_stream(struct in_str *inp, int 
end_trigger)
                }
                debug_print_tree(pipe_list, 0);
                debug_printf_exec("parse_and_run_stream: run_and_free_list\n");
-               run_and_free_list(pipe_list);
+               if (run_and_free_list(pipe_list) < 0)
+                       syntax_error_unexpected_ch(EOF);
+
                empty = 0;
                if (G_flag_return_in_progress == 1)
                        break;
@@ -9897,6 +9909,9 @@ static int run_list(struct pipe *pi)
                                /* create list of variable values */
                                debug_print_strings("for_list made from", vals);
                                for_list = expand_strvec_to_strvec(vals);
+                               if (for_list == NULL)
+                                       return -1;
+
                                for_lcur = for_list;
                                debug_print_strings("for_list", for_list);
                        }
-- 
2.43.0

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox

Reply via email to