diff --git a/NEWS b/NEWS
index 9f305ca35..f38dcf510 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@ For full details, see the git log at: https://github.com/ksh93/ksh/tree/1.0
 Any uppercase BUG_* names are modernish shell bug IDs.
+2022-01-20:
+
+- Fixed a potential crash in history expansion due to a buffer overflow.
+
 2022-01-12:
 - Added bash-inspired --histreedit and --histverify options that modify history
diff --git a/src/cmd/ksh93/edit/hexpand.c b/src/cmd/ksh93/edit/hexpand.c
index e1aa6ebab..aa945060a 100644
--- a/src/cmd/ksh93/edit/hexpand.c
+++ b/src/cmd/ksh93/edit/hexpand.c
@@ -2,7 +2,7 @@
 * *
 * This software is part of the ast package *
 * Copyright (c) 1982-2011 AT&T Intellectual Property *
-* Copyright (c) 2020-2021 Contributors to ksh 93u+m *
+* Copyright (c) 2020-2022 Contributors to ksh 93u+m *
 * and is licensed under the *
 * Eclipse Public License, Version 1.0 *
 * by AT&T Intellectual Property *
@@ -590,7 +590,13 @@ getsel:
 {
 /* preset old with match from !?string? */
 if(!sb.str[0] && wm)
- sb.str[0] = sh_strdup(sfsetbuf(wm, (void*)1, 0));
+ {
+ char *sbuf = sfsetbuf(wm, (void*)1, 0);
+ int n = sftell(wm);
+ sb.str[0] = sh_malloc(n + 1);
+ sb.str[0][n] = '\0';
+ memcpy(sb.str[0], sbuf, n);
+ }
 cp = parse_subst(cp, &sb);
 }
diff --git a/src/cmd/ksh93/include/version.h b/src/cmd/ksh93/include/version.h
index 73a26de77..c193b88ba 100644
--- a/src/cmd/ksh93/include/version.h
+++ b/src/cmd/ksh93/include/version.h
@@ -21,7 +21,7 @@
 #define SH_RELEASE_FORK "93u+m" /* only change if you develop a new ksh93 fork */
 #define SH_RELEASE_SVER "1.0.0-beta.2" /* semantic version number: https://semver.org */
-#define SH_RELEASE_DATE "2022-01-12" /* must be in this format for $((.sh.version)) */
+#define SH_RELEASE_DATE "2022-01-20" /* must be in this format for $((.sh.version)) */
 #define SH_RELEASE_CPYR "(c) 2020-2022 Contributors to ksh " SH_RELEASE_FORK
 /* Scripts sometimes field-split ${.sh.version}, so don't change amount of whitespace. */
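Review bot: In the `getsel:` hunk of src/cmd/ksh93/edit/hexpand.c, `n` from `sftell(wm)` is used unchecked as the allocation size, as the index in `sb.str[0][n] = '\0'` and as the `memcpy` length, so a negative return (sfio reports a failed `sftell` as -1, as far as I know) would place the terminator in front of the allocation and hand `memcpy` a huge length. Clamping with `if(n < 0) n = 0;` before `sh_malloc(n + 1)` and copying only under `if(sbuf && n > 0)` would keep the new copy inside its buffer on that path. Declaring `n` with the offset type that `sftell` returns, rather than `int`, would also avoid a silent narrowing. A short comment on the block, for example `/* the sfio buffer is not NUL-terminated: copy exactly sftell(wm) bytes */`, would record why `sh_strdup` was dropped, if that is indeed the reason. The enclosing function begins and ends outside the hunk, so the states `wm` can be in at this point are not visible here.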