From 026dfd4aef23cb230f388e1e11faecd7a508f4e6 Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Sun, 16 Apr 2017 22:10:02 +0000
Subject: [PATCH] sh: Fix use after free when resetting an in-use alias.

The special case of modifying an existing alias does not work correctly if the alias is currently in use. Instead, handle this case by unaliasing the old alias (if any) and then creating a new alias.
---
 bin/sh/alias.c | 11 +----------
 bin/sh/tests/parser/Makefile | 1 +
 bin/sh/tests/parser/alias18.0 | 8 ++++++++
 3 files changed, 10 insertions(+), 10 deletions(-)
 create mode 100644 bin/sh/tests/parser/alias18.0

diff --git a/bin/sh/alias.c b/bin/sh/alias.c
index e67ad649ff7..bbcf5fbe17e 100644
--- a/bin/sh/alias.c
+++ b/bin/sh/alias.c
@@ -63,17 +63,8 @@ setalias(const char *name, const char *val)
 {
 	struct alias *ap, **app;
 
+	unalias(name);
 	app = hashalias(name);
-	for (ap = *app; ap; ap = ap->next) {
-		if (equal(name, ap->name)) {
-			INTOFF;
-			ckfree(ap->val);
-			ap->val = savestr(val);
-			INTON;
-			return;
-		}
-	}
-	/* not found */
 	INTOFF;
 	ap = ckmalloc(sizeof (struct alias));
 	ap->name = savestr(name);
diff --git a/bin/sh/tests/parser/Makefile b/bin/sh/tests/parser/Makefile
index dd749e34b52..28816a92680 100644
--- a/bin/sh/tests/parser/Makefile
+++ b/bin/sh/tests/parser/Makefile
@@ -24,6 +24,7 @@ ${PACKAGE}FILES+= alias14.0
 ${PACKAGE}FILES+= alias15.0 alias15.0.stdout
 ${PACKAGE}FILES+= alias16.0
 ${PACKAGE}FILES+= alias17.0
+${PACKAGE}FILES+= alias18.0
 ${PACKAGE}FILES+= and-pipe-not.0
 ${PACKAGE}FILES+= case1.0
 ${PACKAGE}FILES+= case2.0
diff --git a/bin/sh/tests/parser/alias18.0 b/bin/sh/tests/parser/alias18.0
new file mode 100644
index 00000000000..74234fe72c0
--- /dev/null
+++ b/bin/sh/tests/parser/alias18.0
@@ -0,0 +1,8 @@
+# $FreeBSD$
+
+v=1
+alias a='alias a=v=2
+v=3
+a'
+eval a
+[ "$v" = 2 ]
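Review bot: Resetting an alias is no longer one interrupt-protected step: the new `unalias(name);` runs before the `INTOFF;` that guards the allocation of the replacement entry, so a signal delivered between the two leaves the name unaliased rather than reset, unless unalias() disables interrupts across its own removal (not visible in this hunk). If INTOFF nests, moving the `INTOFF;` line above `unalias(name);` keeps remove-and-recreate atomic with respect to signals at no cost. The new line also deserves a why-comment, since the deleted in-place path looked reasonable and may be reintroduced: `/* Never update an existing entry in place: it may still be in use by the parser. unalias() handles that case; always create a fresh entry. */`. setalias's body continues past the end of the hunk.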