mirror of git://git.code.sf.net/p/zsh/code synced 2025-01-01 05:16:05 +01:00

security/41: Don't perform PROMPT_SUBST evaluation on %F/%K arguments

Mitigates CVE-2021-45444
Oliver Kiddle 2021-12-15 01:56:40 +01:00 committed by dana
parent 77d203f3fb
commit c187154f47
2 changed files with 15 additions and 0 deletions


@ -1,3 +1,8 @@
2022-01-27 dana <dana@dana.is>
* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
PROMPT_SUBST
2020-02-14 dana <dana@dana.is>
* unposted: Config/version.mk: Update for 5.8


@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
bv->fm += 2; /* skip over F{ */
if ((ep = strchr(bv->fm, '}'))) {
char oc = *ep, *col, *coll;
int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
int opp = opts[PROMPTPERCENT];
opts[PROMPTPERCENT] = 1;
opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
*ep = '\0';
/* expand the contents of the argument so you can use
* %v for example */
@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
arg = match_colour((const char **)&coll, is_fg, 0);
free(col);
bv->fm = ep;
opts[PROMPTSUBST] = ops;
opts[PROMPTBANG] = opb;
opts[PROMPTPERCENT] = opp;
} else {
arg = match_colour((const char **)&bv->fm, is_fg, 0);
if (*bv->fm != '}')
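Review bot: The added save/clear/restore of `opts[PROMPTSUBST]`, `opts[PROMPTBANG]` and `opts[PROMPTPERCENT]` in parsecolorchar() has no comment stating the invariant it enforces, and the only nearby comment still just says the argument is expanded "so you can use %v". I would add above `opts[PROMPTPERCENT] = 1;` something like `/* The %F{...}/%K{...} argument may itself come from expanded prompt text: expand it with PROMPT_SUBST and PROMPT_BANG off so it is never re-evaluated (CVE-2021-45444). */`, and also say why PROMPT_PERCENT is forced on. Without that comment, a later cleanup could drop the toggling as redundant and reopen the recursive evaluation. The restore is also only reached by falling through to the end of this branch, so a note such as `/* must restore ops/opb/opp on every exit from this branch */` would help. The expansion call sits between the two hunks and the function starts and ends outside them, so I could not check whether it has any early-exit path that skips the restore.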