svn commit: r297750 - in stable/10/bin/sh: . tests/builtins

Sat, 09 Apr 2016 07:24:55 -0700 

Author: jilles
Date: Sat Apr  9 14:24:17 2016
New Revision: 297750
URL: https://svnweb.freebsd.org/changeset/base/297750

Log:
  MFC r297360: sh: Fix use-after-free if a trap replaces itself.
  
  The mergeinfo for this commit was accidentally added to the previous commit.

Added:
  stable/10/bin/sh/tests/builtins/trap17.0
     - copied unchanged from r297360, head/bin/sh/tests/builtins/trap17.0
Modified:
  stable/10/bin/sh/tests/builtins/Makefile
  stable/10/bin/sh/trap.c

Modified: stable/10/bin/sh/tests/builtins/Makefile
==============================================================================
--- stable/10/bin/sh/tests/builtins/Makefile    Sat Apr  9 14:09:14 2016        
(r297749)
+++ stable/10/bin/sh/tests/builtins/Makefile    Sat Apr  9 14:24:17 2016        
(r297750)
@@ -127,6 +127,7 @@ FILES+=             trap11.0
 FILES+=                trap12.0
 FILES+=                trap13.0
 FILES+=                trap14.0
+FILES+=                trap17.0
 FILES+=                trap2.0
 FILES+=                trap3.0
 FILES+=                trap4.0

Copied: stable/10/bin/sh/tests/builtins/trap17.0 (from r297360, 
head/bin/sh/tests/builtins/trap17.0)
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ stable/10/bin/sh/tests/builtins/trap17.0    Sat Apr  9 14:24:17 2016        
(r297750, copy of r297360, head/bin/sh/tests/builtins/trap17.0)
@@ -0,0 +1,10 @@
+# $FreeBSD$
+# This use-after-free bug probably needs non-default settings to show up.
+
+v1=nothing v2=nothing
+trap 'trap "echo bad" USR1
+v1=trap_received
+v2=trap_invoked
+:' USR1
+kill -USR1 "$$"
+[ "$v1.$v2" = trap_received.trap_invoked ]

Modified: stable/10/bin/sh/trap.c
==============================================================================
--- stable/10/bin/sh/trap.c     Sat Apr  9 14:09:14 2016        (r297749)
+++ stable/10/bin/sh/trap.c     Sat Apr  9 14:24:17 2016        (r297750)
@@ -403,6 +403,7 @@ onsig(int signo)
 void
 dotrap(void)
 {
+       struct stackmark smark;
        int i;
        int savestatus, prev_evalskip, prev_skipcount;
 
@@ -436,7 +437,9 @@ dotrap(void)
 
                                        last_trapsig = i;
                                        savestatus = exitstatus;
-                                       evalstring(trap[i], 0);
+                                       setstackmark(&smark);
+                                       evalstring(stsavestr(trap[i]), 0);
+                                       popstackmark(&smark);
 
                                        /*
                                         * If such a command was not
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"

Reply via email to