SECURITY: fix integer overflows related to file descriptor parsing
bug initially found by Pawel Wylecial (LP#1440685) additional bug found and suggested fix by enh (elliott hughes) This commit also renames struct ioword.flag to ioflag to disambiguate it from other members named “flag”, changes it to an unsigned type, and packs ioflag and unit into shorts each, to make the struct smaller (aligned even: 16 bytes on 32-bit systems) and reviews some of the code involved in fd handling, though there wasn’t much to be found.
This commit is contained in:
4
eval.c
4
eval.c
@ -23,7 +23,7 @@
|
||||
|
||||
#include "sh.h"
|
||||
|
||||
__RCSID("$MirOS: src/bin/mksh/eval.c,v 1.166 2015/02/20 07:14:29 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/eval.c,v 1.167 2015/04/11 22:03:29 tg Exp $");
|
||||
|
||||
/*
|
||||
* string expansion
|
||||
@ -1353,7 +1353,7 @@ comsub(Expand *xp, const char *cp, int fn MKSH_A_UNUSED)
|
||||
struct ioword *io = *t->ioact;
|
||||
char *name;
|
||||
|
||||
if ((io->flag & IOTYPE) != IOREAD)
|
||||
if ((io->ioflag & IOTYPE) != IOREAD)
|
||||
errorf("%s: %s", "funny $() command",
|
||||
snptreef(NULL, 32, "%R", io));
|
||||
shf = shf_open(name = evalstr(io->name, DOTILDE), O_RDONLY, 0,
|
||||
|
Reference in New Issue
Block a user