Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

X-seq: zsh-workers 44346
From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
To: <zsh-workers@xxxxxxx>
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Tue, 21 May 2019 16:42:55 +0100
Cms-type: 201P
Dkim-filter: OpenDKIM Filter v2.11.0 mailout1.w1.samsung.com 20190521154258euoutp015a2ed5159f869d2c8efbc734311d4747~gvRcmWNlr2183121831euoutp01L
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1558453378; bh=8gXgPB/LeAWZjZyrzVvH2UT+QrBfbgVqhAopO7EMwMc=; h=Subject:From:To:Date:In-Reply-To:References:From; b=E9zaHRm9qWLh414ibsomCKUVc2nyw8V/ZmJ4/DOFTaYI1VAd7XKo+sAEfj6mhvnG+ Orn/Cfc85CP37IDfXzh4iImOwrwy9owQVLnKs72l8/MUosOvHaMbFcTTSCJzdYJTAa 9LiTKPiHgZYvh2NyNAb6V0hwcY5MPbud3Jm3uc54=
In-reply-to: <8241-1558449827.736091@IynH.PVDp.gkHU>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com> <CAH+w=7Y8d0h43rM_dHhbiT8nvL3-zxF8DUWTjn--hPX8sF7iaA@mail.gmail.com> <21436-1557865831.121649@2P7I.HAU9.QsaG> <889eb5518ad0f98899ba24c2f3e95a87f7cc3df6.camel@ntlworld.com> <8241-1558449827.736091@IynH.PVDp.gkHU> <CGME20190521154256eucas1p1f0816d2467abd8bf4a0c31058af2983a@eucas1p1.samsung.com>

On Tue, 2019-05-21 at 16:43 +0200, Oliver Kiddle wrote:
> The following patch is one approach to fixing the last of these bugs.
> 
> There may be a cleaner approach relying on the WC_SUBLIST_END tags,
> probably involving removing this whole block which is looking ahead to
> the next wordcode rather than leaving it for the next iteration of the
> big loop. But that would be a much bigger change with a greater chance
> of breaking things.

OK, so this takes account of the fact that "!" on its own (no following
command line) is allowed and just means negate the status.  That
certainly seems a reasonable way to go.

I was wondering whether this actually shouldn't be a special case in the
parser, but it's not obvious what to do there --- there actually is
nothing following the "!" and pretending there is something isn't a
great fix.  Telling the wordcode handler it can work this way is probably
a better idea.

Cheers
pws

References:
- Zsh - Multiple DoS Vulnerabilities
  - From: David Wells
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Bart Schaefer
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Oliver Kiddle
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Peter Stephenson
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Oliver Kiddle

Messages sorted by: Reverse Date, Date, Thread, Author