[klibc] klibc sh segfault on invalid substitutions
Ben Hutchings
ben at decadent.org.uk
Sun Nov 27 08:51:23 PST 2022
On Thu, 2022-11-24 at 06:15 +0100, Christoph Anton Mitterer wrote:
> Hey there.
>
> There’s a bug in ash-based shells, including the one shipped with
> klibc.
>
> The original variant is described here (for dash):
> https://lore.kernel.org/dash/b2e298215b3d51d8284296484caa138faddaa0e4.camel@scientia.org/
> respectively
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024635
>
>
> Apparently BusyBox’ sh (also ash based) doesn't segfault with the
> example I've found above.
>
> But Harald van Dijk was able to create an example[0] where BusyBox’ sh
> segfaults, too, reported by him at:
> http://lists.busybox.net/pipermail/busybox/2022-November/090036.html
>
>
> klibc’s sh segfaults in BOTH cases, and he asked me whether I could
> forward this here also on his behalf.
>
>
> Could you please have a look at both?

I had a look at a core dump in gdb. The loop at the bottom of
evalvar() seems to read off the end of the input string, and crashes
once p reaches an unmapped page. This seems to match Harald's
analysis:
https://lore.kernel.org/dash/8710d1c3-d7c9-7332-4bc7-ce243a1cbd37@gigawatt.nl/

> It seems there's no bugtracker for klibc, or is there?

There's a component for it on bugzilla.kernel.org (under "Other").

> Just that this doesn't get forgotten by accident, I've also reported it
> downstream in the Debian BTS at:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024735
>

That's also fine.

I don't think I will work on this in klibc until there's a fix in
upstream dash. If you're still watching upstream dash, please let me
know when there's a fix I can pick.

Ben.

--
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.