author | jilles <jilles@FreeBSD.org> | 2016-04-09 14:24:17 +0000 |
---|---|---|
committer | jilles <jilles@FreeBSD.org> | 2016-04-09 14:24:17 +0000 |
commit | 0b7191c4edd67a9751c3d0192656853db85a97cd (patch) | |
tree | 9566aab495d4415d606c407572df025893e527dd /bin/sh | |
parent | 1a49b5f5b011c2709fb744c8d09ebcec51173672 (diff) | |
MFC r297360: sh: Fix use-after-free if a trap replaces itself.
The mergeinfo for this commit was accidentally added to the previous commit.
Diffstat (limited to 'bin/sh')
-rw-r--r-- | bin/sh/tests/builtins/Makefile | 1 | ||||
-rw-r--r-- | bin/sh/tests/builtins/trap17.0 | 10 | ||||
-rw-r--r-- | bin/sh/trap.c | 5 |
3 files changed, 15 insertions, 1 deletions
diff --git a/bin/sh/tests/builtins/Makefile b/bin/sh/tests/builtins/Makefile
index 527c1b3..78b0b0c 100644
--- a/bin/sh/tests/builtins/Makefile
+++ b/bin/sh/tests/builtins/Makefile
@@ -127,6 +127,7 @@ FILES+= trap11.0
 FILES+= trap12.0
 FILES+= trap13.0
 FILES+= trap14.0
+FILES+= trap17.0
 FILES+= trap2.0
 FILES+= trap3.0
 FILES+= trap4.0
diff --git a/bin/sh/tests/builtins/trap17.0 b/bin/sh/tests/builtins/trap17.0
new file mode 100644
index 0000000..89be893
--- /dev/null
+++ b/bin/sh/tests/builtins/trap17.0
@@ -0,0 +1,10 @@
+# $FreeBSD$
+# This use-after-free bug probably needs non-default settings to show up.
+
+v1=nothing v2=nothing
+trap 'trap "echo bad" USR1
+v1=trap_received
+v2=trap_invoked
+:' USR1
+kill -USR1 "$$"
+[ "$v1.$v2" = trap_received.trap_invoked ]
diff --git a/bin/sh/trap.c b/bin/sh/trap.c
index 8ea3b12..dbc6ba2 100644
--- a/bin/sh/trap.c
+++ b/bin/sh/trap.c
@@ -403,6 +403,7 @@ onsig(int signo)
 void
 dotrap(void)
 {
+ struct stackmark smark;
 int i;
 int savestatus, prev_evalskip, prev_skipcount;
@@ -436,7 +437,9 @@ dotrap(void)
 last_trapsig = i;
 savestatus = exitstatus;
- evalstring(trap[i], 0);
+ setstackmark(&smark);
+ evalstring(stsavestr(trap[i]), 0);
+ popstackmark(&smark);
 /*
 * If such a command was not |
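Review bot: The header comment of trap17.0 says the bug "probably needs non-default settings to show up" but does not name them, so on a default run this test may pass on an unfixed sh and give no regression signal for the use-after-free. The comment should record the configuration under which the failure was actually observed, for example `# Needs <non-default setting used to reproduce> to fail on an unfixed sh.`, so that anyone running the suite for memory-safety coverage knows how to make the test meaningful. If the test harness can set that configuration itself, doing so there would be stronger than a comment.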
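Review bot: The `stsavestr(trap[i])` copy in the second trap.c hunk has no comment explaining why the action string is duplicated before `evalstring()`, so a later cleanup could remove it as redundant and reintroduce the use-after-free named in the commit title. I would add above `setstackmark(&smark);` a comment such as `/* Evaluate a stack copy: the action may replace trap[i] while it runs, invalidating the original string. */`. `popstackmark(&smark)` is reached only when `evalstring()` returns normally; whether a non-local exit from the trap action releases the mark elsewhere is not visible here and is worth confirming. Any other call site outside these hunks that passes a `trap[]` entry directly to `evalstring()` would deserve the same look. dotrap's body starts in the first hunk and continues past the end of the second.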