Jim Tcl
Check-in [f020c0b233]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:exec: Fix check for | and |&

These are only allowed as separate args. One check was allowing them as a prefix which could lead to an invalid memory access

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au>

Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:f020c0b233507a64793a667d1375f00d9854a88c
User & Date: steveb@workware.net.au 2017-05-12 03:02:01
Context
2017-05-12
03:02
format: Validate too many flags in format string

Avoid a stack overflow

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: 51a1a67f58 user: steveb@workware.net.au tags: trunk

03:02
exec: Fix check for | and |&

These are only allowed as separate args. One check was allowing them as a prefix which could lead to an invalid memory access

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: f020c0b233 user: steveb@workware.net.au tags: trunk

03:01
scan: error on missing conversion char

Don't read invalid memory

Reported-by: Ryan Whitworth <me@ryanwhitworth.com> Signed-off-by: Steve Bennett <steveb@workware.net.au> check-in: 9fd054339d user: steveb@workware.net.au tags: trunk

Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to jim-exec.c.

955
956
957
958
959
960
961
962


963
964
965
966
967
968
969
970
971
972
        pidPtr[i] = JIM_BAD_PID;
    }
    for (firstArg = 0; firstArg < arg_count; numPids++, firstArg = lastArg + 1) {
        int pipe_dup_err = 0;
        fdtype origErrorId = errorId;

        for (lastArg = firstArg; lastArg < arg_count; lastArg++) {
            if (arg_array[lastArg][0] == '|') {


                if (arg_array[lastArg][1] == '&') {
                    pipe_dup_err = 1;
                }
                break;
            }
        }

        if (lastArg == firstArg) {
            Jim_SetResultString(interp, "missing command to exec", -1);
            goto error;







|
>
>
|
|
<







955
956
957
958
959
960
961
962
963
964
965
966

967
968
969
970
971
972
973
        pidPtr[i] = JIM_BAD_PID;
    }
    for (firstArg = 0; firstArg < arg_count; numPids++, firstArg = lastArg + 1) {
        int pipe_dup_err = 0;
        fdtype origErrorId = errorId;

        for (lastArg = firstArg; lastArg < arg_count; lastArg++) {
            if (strcmp(arg_array[lastArg], "|") == 0) {
                break;
            }
            if (strcmp(arg_array[lastArg], "|&") == 0) {
                pipe_dup_err = 1;

                break;
            }
        }

        if (lastArg == firstArg) {
            Jim_SetResultString(interp, "missing command to exec", -1);
            goto error;

Changes to regtest.tcl.

296
297
298
299
300
301
302





303
304
305
puts "TEST 40 PASSED"

# REGTEST 41
# access invalid memory on no scan conversion char
catch {scan x %3}
puts "TEST 41 PASSED"






# TAKE THE FOLLOWING puts AS LAST LINE

puts "--- ALL TESTS PASSED ---"







>
>
>
>
>



296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
puts "TEST 40 PASSED"

# REGTEST 41
# access invalid memory on no scan conversion char
catch {scan x %3}
puts "TEST 41 PASSED"

# REGTEST 42
# | and |& are not acceptable as prefixes
catch {exec dummy |x second}
puts "TEST 42 PASSED"

# TAKE THE FOLLOWING puts AS LAST LINE

puts "--- ALL TESTS PASSED ---"