From owner-svn-src-head@freebsd.org Sun Apr 16 22:10:03 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8DEBCD4050C; Sun, 16 Apr 2017 22:10:03 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 45B011E15; Sun, 16 Apr 2017 22:10:03 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v3GMA2JV043793; Sun, 16 Apr 2017 22:10:02 GMT (envelope-from jilles@FreeBSD.org) Received: (from jilles@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v3GMA2mm043789; Sun, 16 Apr 2017 22:10:02 GMT (envelope-from jilles@FreeBSD.org) Message-Id: <201704162210.v3GMA2mm043789@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jilles set sender to jilles@FreeBSD.org using -f From: Jilles Tjoelker Date: Sun, 16 Apr 2017 22:10:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r317039 - in head/bin/sh: . tests/parser X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Apr 2017 22:10:03 -0000 Author: jilles Date: Sun Apr 16 22:10:02 2017 New Revision: 317039 URL: https://svnweb.freebsd.org/changeset/base/317039 Log: sh: Fix use after free when resetting an in-use alias. The special case of modifying an existing alias does not work correctly if the alias is currently in use. Instead, handle this case by unaliasing the old alias (if any) and then creating a new alias. Added: head/bin/sh/tests/parser/alias18.0 (contents, props changed) Modified: head/bin/sh/alias.c head/bin/sh/tests/parser/Makefile Modified: head/bin/sh/alias.c ============================================================================== --- head/bin/sh/alias.c Sun Apr 16 21:57:25 2017 (r317038) +++ head/bin/sh/alias.c Sun Apr 16 22:10:02 2017 (r317039) @@ -63,17 +63,8 @@ setalias(const char *name, const char *v { struct alias *ap, **app; + unalias(name); app = hashalias(name); - for (ap = *app; ap; ap = ap->next) { - if (equal(name, ap->name)) { - INTOFF; - ckfree(ap->val); - ap->val = savestr(val); - INTON; - return; - } - } - /* not found */ INTOFF; ap = ckmalloc(sizeof (struct alias)); ap->name = savestr(name); Modified: head/bin/sh/tests/parser/Makefile ============================================================================== --- head/bin/sh/tests/parser/Makefile Sun Apr 16 21:57:25 2017 (r317038) +++ head/bin/sh/tests/parser/Makefile Sun Apr 16 22:10:02 2017 (r317039) @@ -24,6 +24,7 @@ ${PACKAGE}FILES+= alias14.0 ${PACKAGE}FILES+= alias15.0 alias15.0.stdout ${PACKAGE}FILES+= alias16.0 ${PACKAGE}FILES+= alias17.0 +${PACKAGE}FILES+= alias18.0 ${PACKAGE}FILES+= and-pipe-not.0 ${PACKAGE}FILES+= case1.0 ${PACKAGE}FILES+= case2.0 Added: head/bin/sh/tests/parser/alias18.0 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/bin/sh/tests/parser/alias18.0 Sun Apr 16 22:10:02 2017 (r317039) @@ -0,0 +1,8 @@ +# $FreeBSD$ + +v=1 +alias a='alias a=v=2 +v=3 +a' +eval a +[ "$v" = 2 ]