fix CVE-2023-49284
This commit is contained in:
lwg
parent
65d72678a1
commit
1e644aee93
54
backport-CVE-2023-49284.patch
Normal file
54
backport-CVE-2023-49284.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 09986f5563e31e2c900a606438f1d60d008f3a14 Mon Sep 17 00:00:00 2001
|
||||
From: Fabian Boehm <FHomborg@gmail.com>
|
||||
Date: Sat, 2 Dec 2023 11:06:07 +0100
|
||||
Subject: [PATCH] Encode all ENCODE_DIRECT codepoints with encode_direct
|
||||
|
||||
---
|
||||
src/common.cpp | 7 ++++---
|
||||
tests/checks/basic.fish | 8 ++++++++
|
||||
2 files changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/common.cpp b/src/common.cpp
|
||||
index a1cc7c63c62..370ecacd5f0 100644
|
||||
--- a/src/common.cpp
|
||||
+++ b/src/common.cpp
|
||||
@@ -335,9 +335,7 @@ static wcstring str2wcs_internal(const char *in, const size_t in_len) {
|
||||
} else {
|
||||
ret = std::mbrtowc(&wc, &in[in_pos], in_len - in_pos, &state);
|
||||
// Determine whether to encode this character with our crazy scheme.
|
||||
- if (wc >= ENCODE_DIRECT_BASE && wc < ENCODE_DIRECT_BASE + 256) {
|
||||
- use_encode_direct = true;
|
||||
- } else if (wc == INTERNAL_SEPARATOR) {
|
||||
+ if (fish_reserved_codepoint(wc)) {
|
||||
use_encode_direct = true;
|
||||
} else if (ret == static_cast<size_t>(-2)) {
|
||||
// Incomplete sequence.
|
||||
@@ -1313,6 +1311,9 @@ maybe_t<size_t> read_unquoted_escape(const wchar_t *input, wcstring *result, boo
|
||||
}
|
||||
|
||||
if (result_char_or_none.has_value()) {
|
||||
+ if (fish_reserved_codepoint(*result_char_or_none)) {
|
||||
+ return none();
|
||||
+ }
|
||||
result->push_back(*result_char_or_none);
|
||||
}
|
||||
|
||||
diff --git a/tests/checks/basic.fish b/tests/checks/basic.fish
|
||||
index 60a4e18a21f..314b78cc0fb 100644
|
||||
--- a/tests/checks/basic.fish
|
||||
+++ b/tests/checks/basic.fish
|
||||
@@ -587,6 +587,14 @@ $fish -c 'echo \x'
|
||||
# CHECKERR: echo \x
|
||||
# CHECKERR: ^^
|
||||
|
||||
+$fish -c 'echo \ufdd2"fart"'
|
||||
+# CHECKERR: fish: Invalid token '\ufdd2"fart"'
|
||||
+# CHECKERR: echo \ufdd2"fart"
|
||||
+# CHECKERR: ^~~~~~~~~~~^
|
||||
+
|
||||
+echo (sh -c 'printf $\'\ufdd2foo\'') | string escape
|
||||
+# CHECK: \Xef\Xb7\X92foo
|
||||
+
|
||||
printf '%s\n' "#!/bin/sh" 'echo $0' > $tmpdir/argv0.sh
|
||||
chmod +x $tmpdir/argv0.sh
|
||||
cd $tmpdir
|
||||
@ -1,10 +1,12 @@
|
||||
Name: fish
|
||||
Version: 3.6.1
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: Friendly interactive shell
|
||||
License: GPLv2 and BSD and ISC and LGPLv2+ and MIT
|
||||
URL: https://fishshell.com
|
||||
Source0: https://github.com/fish-shell/fish-shell/releases/download/%{version}/%{name}-%{version}.tar.xz
|
||||
# https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14
|
||||
Patch0: backport-CVE-2023-49284.patch
|
||||
|
||||
BuildRequires: cmake >= 3.5
|
||||
BuildRequires: ninja-build
|
||||
@ -97,6 +99,9 @@ fi
|
||||
%{_datadir}/pixmaps/fish.png
|
||||
|
||||
%changelog
|
||||
* Wed Dec 06 2023 lwg <relpeace@yeah.net> - 3.6.1-2
|
||||
- fix CVE-2023-49284
|
||||
|
||||
* Fri Aug 25 2023 yaoxin <yao_xin001@hoperun.com> - 3.6.1-1
|
||||
- Update to 3.6.1
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user