svn commit: r297360 - in head/bin/sh: . tests/builtins

Mon, 28 Mar 2016 11:59:04 -0700 

Author: jilles
Date: Mon Mar 28 18:58:40 2016
New Revision: 297360
URL: https://svnweb.freebsd.org/changeset/base/297360

Log:
  sh: Fix use-after-free if a trap replaces itself.
  
  MFC after:    1 week

Added:
  head/bin/sh/tests/builtins/trap17.0   (contents, props changed)
Modified:
  head/bin/sh/tests/builtins/Makefile
  head/bin/sh/trap.c

Modified: head/bin/sh/tests/builtins/Makefile
==============================================================================
--- head/bin/sh/tests/builtins/Makefile Mon Mar 28 18:41:48 2016        
(r297359)
+++ head/bin/sh/tests/builtins/Makefile Mon Mar 28 18:58:40 2016        
(r297360)
@@ -149,6 +149,7 @@ FILES+=             trap13.0
 FILES+=                trap14.0
 FILES+=                trap15.0
 FILES+=                trap16.0
+FILES+=                trap17.0
 FILES+=                trap2.0
 FILES+=                trap3.0
 FILES+=                trap4.0

Added: head/bin/sh/tests/builtins/trap17.0
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/bin/sh/tests/builtins/trap17.0 Mon Mar 28 18:58:40 2016        
(r297360)
@@ -0,0 +1,10 @@
+# $FreeBSD$
+# This use-after-free bug probably needs non-default settings to show up.
+
+v1=nothing v2=nothing
+trap 'trap "echo bad" USR1
+v1=trap_received
+v2=trap_invoked
+:' USR1
+kill -USR1 "$$"
+[ "$v1.$v2" = trap_received.trap_invoked ]

Modified: head/bin/sh/trap.c
==============================================================================
--- head/bin/sh/trap.c  Mon Mar 28 18:41:48 2016        (r297359)
+++ head/bin/sh/trap.c  Mon Mar 28 18:58:40 2016        (r297360)
@@ -412,6 +412,7 @@ onsig(int signo)
 void
 dotrap(void)
 {
+       struct stackmark smark;
        int i;
        int savestatus, prev_evalskip, prev_skipcount;
 
@@ -445,7 +446,9 @@ dotrap(void)
 
                                        last_trapsig = i;
                                        savestatus = exitstatus;
-                                       evalstring(trap[i], 0);
+                                       setstackmark(&smark);
+                                       evalstring(stsavestr(trap[i]), 0);
+                                       popstackmark(&smark);
 
                                        /*
                                         * If such a command was not
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to