!24 fix CVE-2023-49284

From: @paultohmas Reviewed-by: @lyn1001 Signed-off-by: @lyn1001
2023-12-06 08:51:56 +00:00 · 2023-12-06 08:51:56 +00:00 · 9ae9fe463d
commit 9ae9fe463d
parent 65d72678a1 1e644aee93
2 changed files with 60 additions and 1 deletions
--- a/backport-CVE-2023-49284.patch
+++ b/backport-CVE-2023-49284.patch
@ -0,0 +1,54 @@
+From 09986f5563e31e2c900a606438f1d60d008f3a14 Mon Sep 17 00:00:00 2001
+From: Fabian Boehm <FHomborg@gmail.com>
+Date: Sat, 2 Dec 2023 11:06:07 +0100
+Subject: [PATCH] Encode all ENCODE_DIRECT codepoints with encode_direct
+
+---
+ src/common.cpp          | 7 ++++---
+ tests/checks/basic.fish | 8 ++++++++
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/common.cpp b/src/common.cpp
+index a1cc7c63c62..370ecacd5f0 100644
+--- a/src/common.cpp
+++ b/src/common.cpp
+@@ -335,9 +335,7 @@ static wcstring str2wcs_internal(const char *in, const size_t in_len) {
+         } else {
+             ret = std::mbrtowc(&wc, &in[in_pos], in_len - in_pos, &state);
+             // Determine whether to encode this character with our crazy scheme.
+-            if (wc >= ENCODE_DIRECT_BASE && wc < ENCODE_DIRECT_BASE + 256) {
+-                use_encode_direct = true;
+-            } else if (wc == INTERNAL_SEPARATOR) {
+            if (fish_reserved_codepoint(wc)) {
+                 use_encode_direct = true;
+             } else if (ret == static_cast<size_t>(-2)) {
+                 // Incomplete sequence.
+@@ -1313,6 +1311,9 @@ maybe_t<size_t> read_unquoted_escape(const wchar_t *input, wcstring *result, boo
+     }
+ 
+     if (result_char_or_none.has_value()) {
+        if (fish_reserved_codepoint(*result_char_or_none)) {
+            return none();
+        }
+         result->push_back(*result_char_or_none);
+     }
+ 
+diff --git a/tests/checks/basic.fish b/tests/checks/basic.fish
+index 60a4e18a21f..314b78cc0fb 100644
+--- a/tests/checks/basic.fish
+++ b/tests/checks/basic.fish
+@@ -587,6 +587,14 @@ $fish -c 'echo \x'
+ # CHECKERR: echo \x
+ # CHECKERR:      ^^
+ 
+$fish -c 'echo \ufdd2"fart"'
+# CHECKERR: fish: Invalid token '\ufdd2"fart"'
+# CHECKERR: echo \ufdd2"fart"
+# CHECKERR: ^~~~~~~~~~~^
+
+echo (sh -c 'printf $\'\ufdd2foo\'') | string escape
+# CHECK: \Xef\Xb7\X92foo
+
+ printf '%s\n' "#!/bin/sh" 'echo $0' > $tmpdir/argv0.sh
+ chmod +x $tmpdir/argv0.sh
+ cd $tmpdir
--- a/fish.spec
+++ b/fish.spec
@ -1,10 +1,12 @@
 Name:           fish
 Version:        3.6.1
-Release:        1
+Release:        2
 Summary:        Friendly interactive shell
 License:        GPLv2 and BSD and ISC and LGPLv2+ and MIT
 URL:            https://fishshell.com
 Source0:        https://github.com/fish-shell/fish-shell/releases/download/%{version}/%{name}-%{version}.tar.xz
+# https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14
+Patch0:         backport-CVE-2023-49284.patch

 BuildRequires:  cmake >= 3.5
 BuildRequires:  ninja-build
@ -97,6 +99,9 @@ fi
 %{_datadir}/pixmaps/fish.png

 %changelog
+* Wed Dec 06 2023 lwg <relpeace@yeah.net> - 3.6.1-2
+- fix CVE-2023-49284
+
 * Fri Aug 25 2023 yaoxin <yao_xin001@hoperun.com> - 3.6.1-1
 - Update to 3.6.1