sh: Fix out of bounds read when there is no ] after a [:class:].

The initial check for a matching ] was incorrect if a ] may be consumed by a [:class:]. The subsequent loop assumed that there must be a ]. Remove the initial check and make the loop cope with a missing ]. Found with afl-fuzz. MFC after: 1 week
author: jilles <jilles@FreeBSD.org> 2015-08-25 21:55:15 +0000
committer: jilles <jilles@FreeBSD.org> 2015-08-25 21:55:15 +0000
commit: 424480153f3c8a83b9eda291dae7ff5e112baf4c (patch)
tree: b2ac90e4331870b125760317c214fd30b95887ef /bin/sh/tests
parent: 991c19271a64bddd1f8bb9842dd695986630d505 (diff)
download: FreeBSD-src-424480153f3c8a83b9eda291dae7ff5e112baf4c.zip
FreeBSD-src-424480153f3c8a83b9eda291dae7ff5e112baf4c.tar.gz
2 files changed, 10 insertions, 0 deletions
diff --git a/bin/sh/tests/builtins/Makefile b/bin/sh/tests/builtins/Makefile
index f3c1dc7..c1e7b64 100644
--- a/bin/sh/tests/builtins/Makefile
+++ b/bin/sh/tests/builtins/Makefile
@@ -39,6 +39,7 @@ FILES+=		case16.0
 FILES+=		case17.0
 FILES+=		case18.0
 FILES+=		case19.0
+FILES+=		case20.0
 FILES+=		cd1.0
 FILES+=		cd2.0
 FILES+=		cd3.0
diff --git a/bin/sh/tests/builtins/case20.0 b/bin/sh/tests/builtins/case20.0
new file mode 100644
index 0000000..03a4eb2
--- /dev/null
+++ b/bin/sh/tests/builtins/case20.0
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+# Shells do not agree about what this pattern should match, but it is
+# certain that it must not crash and the missing close bracket must not
+# be simply ignored.
+
+case B in
+[[:alpha:]) echo bad ;;
+esac
author	jilles <jilles@FreeBSD.org>	2015-08-25 21:55:15 +0000
committer	jilles <jilles@FreeBSD.org>	2015-08-25 21:55:15 +0000
commit	424480153f3c8a83b9eda291dae7ff5e112baf4c (patch)
tree	b2ac90e4331870b125760317c214fd30b95887ef /bin/sh/tests
parent	991c19271a64bddd1f8bb9842dd695986630d505 (diff)
download	FreeBSD-src-424480153f3c8a83b9eda291dae7ff5e112baf4c.zip FreeBSD-src-424480153f3c8a83b9eda291dae7ff5e112baf4c.tar.gz