From: Chet Ramey
Newsgroups: gnu.bash.bug
Subject: Re: [PATCH] unwind_prot.c: Avoid buffer overflow
Date: Mon, 29 Jun 2020 11:04:08 -0400
Organization: ITS, Case Western Reserve University
References: <20200627211438.40013-1-jrtc27@jrtc27.com> <1f15d59b-4973-229f-d3c2-00e8c7a06283@case.edu>
Reply-To: chet.ramey@case.edu
To: Jessica Clarke, bug-bash@gnu.org
Cc: chet.ramey@case.edu

On 6/27/20 5:14 PM, Jessica Clarke wrote:

> In unwind_protect_mem_internal, we must make sure to allocate at least a
> full UNWIND_ELT, even if the required size for desired_setting is less
> than the remaining padding in UNWIND_ELT. Otherwise when we come to
> memset it with 0xdf in unwind_frame_discard_internal we will overflow
> the allocation.

Thanks for the fix.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/
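
The sizing problem described in the quoted commit message, as an added example that is not part of the original thread and is not bash's source: the `saved_var`/`elt` layout and every function name below are hypothetical simplifications. It computes how far a `memset` of one full element would run past an allocation sized only for "header plus payload", and shows the clamp to `sizeof(elt)` that removes the overrun.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified layout for illustration; not bash's definitions. */
typedef struct {
    char *variable;
    int size;
    char desired_setting[1];   /* really `size` bytes, stored past the end */
} saved_var;

typedef union elt {
    struct { union elt *next; void (*cleanup)(void *); } head;
    struct { union elt *next; void (*cleanup)(void *); saved_var v; } sv;
} elt;

/* Unpatched sizing: bytes up to the payload, plus the payload itself. */
size_t alloc_size_unpatched(size_t payload) {
    return offsetof(elt, sv.v.desired_setting) + payload;
}

/* Patched sizing: never allocate less than one full element. */
size_t alloc_size_patched(size_t payload) {
    size_t n = alloc_size_unpatched(payload);
    return n < sizeof(elt) ? sizeof(elt) : n;
}

/* Bytes that memset(e, 0xdf, sizeof *e) would write past an allocation. */
size_t poison_overrun(size_t allocated) {
    return allocated < sizeof(elt) ? sizeof(elt) - allocated : 0;
}

/* Save a value with the patched size, then poison it as a discard would. */
int save_and_discard(const void *value, size_t payload) {
    elt *e = malloc(alloc_size_patched(payload));
    if (e == NULL) return -1;
    memcpy((char *)e + offsetof(elt, sv.v.desired_setting), value, payload);
    memset(e, 0xdf, sizeof *e);   /* in bounds: allocation >= sizeof *e */
    free(e);
    return 0;
}

int main(void) {
    for (size_t p = 0; p <= 8; p++)
        printf("payload=%zu unpatched overrun=%zu bytes\n", p,
               poison_overrun(alloc_size_unpatched(p)));
    return save_and_discard("x", 1);
}
```

Only payloads smaller than the trailing padding of the element produce a nonzero overrun, which is why the short allocation goes unnoticed for ordinary sizes.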