|
 |
7262f0 |
From 9ce87af4ced4e21258e6003f1fb65b05ca5a7d14 Mon Sep 17 00:00:00 2001
|
|
|
7262f0 |
From: Oliver Kiddle <opk@zsh.org>
|
|
|
7262f0 |
Date: Wed, 15 Dec 2021 01:56:40 +0100
|
|
|
7262f0 |
Subject: [PATCH] security/41: Don't perform PROMPT_SUBST evaluation on %F/%K
|
|
|
7262f0 |
arguments
|
|
|
7262f0 |
|
|
|
7262f0 |
Mitigates CVE-2021-45444
|
|
|
7262f0 |
|
|
|
7262f0 |
Upstream-commit: c187154f47697cdbf822c2f9d714d570ed4a0fd1
|
|
|
7262f0 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
7262f0 |
---
|
|
|
7262f0 |
Src/prompt.c | 10 ++++++++++
|
|
|
7262f0 |
1 file changed, 10 insertions(+)
|
|
|
7262f0 |
|
|
|
7262f0 |
diff --git a/Src/prompt.c b/Src/prompt.c
|
|
|
7262f0 |
index 95da525..1368f8e 100644
|
|
|
7262f0 |
--- a/Src/prompt.c
|
|
|
7262f0 |
+++ b/Src/prompt.c
|
|
|
7262f0 |
@@ -244,6 +244,12 @@ parsecolorchar(int arg, int is_fg)
|
|
|
7262f0 |
bv->fm += 2; /* skip over F{ */
|
|
|
7262f0 |
if ((ep = strchr(bv->fm, '}'))) {
|
|
|
7262f0 |
char oc = *ep, *col, *coll;
|
|
|
7262f0 |
+ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
|
|
|
7262f0 |
+ int opp = opts[PROMPTPERCENT];
|
|
|
7262f0 |
+
|
|
|
7262f0 |
+ opts[PROMPTPERCENT] = 1;
|
|
|
7262f0 |
+ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
|
|
|
7262f0 |
+
|
|
|
7262f0 |
*ep = '\0';
|
|
|
7262f0 |
/* expand the contents of the argument so you can use
|
|
|
7262f0 |
* %v for example */
|
|
|
7262f0 |
@@ -252,6 +258,10 @@ parsecolorchar(int arg, int is_fg)
|
|
|
7262f0 |
arg = match_colour((const char **)&coll, is_fg, 0);
|
|
|
7262f0 |
free(col);
|
|
|
7262f0 |
bv->fm = ep;
|
|
|
7262f0 |
+
|
|
|
7262f0 |
+ opts[PROMPTSUBST] = ops;
|
|
|
7262f0 |
+ opts[PROMPTBANG] = opb;
|
|
|
7262f0 |
+ opts[PROMPTPERCENT] = opp;
|
|
|
7262f0 |
} else {
|
|
|
7262f0 |
arg = match_colour((const char **)&bv->fm, is_fg, 0);
|
|
|
7262f0 |
if (*bv->fm != '}')
|
|
|
7262f0 |
--
|
|
|
7262f0 |
2.34.1
|
|
|
7262f0 |
|