ericonr
/
util-linux
mirror of https://github.com/ericonr/util-linux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

more: fix null-pointer dereference 

The command allows executing arbitrary shell commands while viewing a file by
entering '!' followed by the command. Entering a command that contains a '%',
'!', or '\' causes a segmentation violation.

The same more(1) function has a problem when not file is specified (cat
/etc/passwd | more) on command line.

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1975153
Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
Karel Zak 2021-06-23 11:37:31 +02:00
parent c0617de5a4
commit cd969e8908
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
text-utils/more.c
View File

@ -1113,13 +1113,18 @@ static void expand(struct more_control *ctl, char *inbuf)
char *outstr;
char c;
char *temp;
int tempsz, xtra, offset;
int tempsz, xtra = 0, offset;
if (!ctl->no_tty_in)
xtra += strlen(ctl->file_names[ctl->argv_position]) + 1;
if (ctl->shell_line)
xtra += strlen(ctl->shell_line) + 1;
xtra = strlen(ctl->file_names[ctl->argv_position]) + strlen(ctl->shell_line) + 1;
tempsz = COMMAND_BUF + xtra;
temp = xmalloc(tempsz);
inpstr = inbuf;
outstr = temp;
while ((c = *inpstr++) != '\0') {
offset = outstr - temp;
if (tempsz - offset - 1 < xtra) {