Package: dash / 0.5.11+git20200708+dd9ef66-5

0009-dash-Fix-stack-overflow-from-infinite-recursion-in-s.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
From: Chris Lamb <lamby@debian.org>
Date: Thu, 15 Feb 2018 20:28:25 +0000
Subject: dash: Fix stack overflow from infinite recursion in script

Bug-Debian: https://bugs.debian.org/579815
Signed-off-by: Chris Lamb <lamby@debian.org>
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
---
 src/eval.c | 8 +++++++-
 src/eval.h | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/eval.c b/src/eval.c
index 6ee2e1a..92c2b3a 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -70,6 +70,7 @@ int evalskip;			/* set if we are skipping commands */
 STATIC int skipcount;		/* number of levels to skip */
 MKINIT int loopnest;		/* current loop nesting level */
 static int funcline;		/* starting line number of current function, or 0 if not in a function */
+static int evalcount;		/* number of nested evalfun calls */
 
 
 char *commandname;
@@ -907,7 +908,12 @@ raise:
 		break;
 
 	case CMDFUNCTION:
-		if (evalfun(cmdentry.u.func, argc, argv, flags))
+		if (evalcount++ >= MAX_RECURSION)
+			sh_error("Maximum function recursion depth (%d) reached",
+			         MAX_RECURSION);
+		int i = evalfun(cmdentry.u.func, argc, argv, flags);
+		evalcount--;
+		if (i)
 			goto raise;
 		break;
 	}
diff --git a/src/eval.h b/src/eval.h
index 63e7d86..38dffbd 100644
--- a/src/eval.h
+++ b/src/eval.h
@@ -51,6 +51,8 @@ struct backcmd {		/* result of evalbackcmd */
 #define EV_EXIT 01		/* exit after evaluating tree */
 #define EV_TESTED 02		/* exit status is checked; ignore -e flag */
 
+#define MAX_RECURSION 1000	/* maximum recursion level */
+
 int evalstring(char *, int);
 union node;	/* BLETCH for ansi C */
 int evaltree(union node *, int);