From 6c3f73bc536082fec38bd36e6c8a121033c68835 Mon Sep 17 00:00:00 2001
From: Herbert Xu
Date: Thu, 2 Oct 2014 08:26:06 +0800
Subject: [EVAL] Fix use-after-free in dotrap/evalstring

The function dotrap calls evalstring using the stored trap string. If evalstring then unsets that exact trap string then we will end up using freed memory.

This patch fixes it by making evalstring always duplicate the string before using it.

Signed-off-by: Herbert Xu
---
src/eval.c | 3 +++
src/histedit.c | 3 +--
2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'src')

diff --git a/src/eval.c b/src/eval.c index c7358a6..3cfa1e5 100644 --- a/src/eval.c +++ b/src/eval.c @@ -160,6 +160,7 @@ evalstring(char *s, int flags) struct stackmark smark; int status; + s = sstrdup(s); setinputstring(s); setstackmark(&smark); @@ -171,7 +172,9 @@ evalstring(char *s, int flags) if (evalskip) break; } + popstackmark(&smark); popfile(); + stunalloc(s); return status; } diff --git a/src/histedit.c b/src/histedit.c index b27d629..94465d7 100644 --- a/src/histedit.c +++ b/src/histedit.c @@ -372,8 +372,7 @@ histcmd(int argc, char **argv) out2str(s); } - evalstring(strcpy(stalloc(strlen(s) + 1), s), - 0); + evalstring(s, 0); if (displayhist && hist) { /* * XXX what about recursive and -- cgit 1.4.1
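Review bot: in the first src/eval.c hunk, `s = sstrdup(s);` is placed before `setstackmark(&smark);`, so the copy sits below the mark and is not released by the later `popstackmark(&smark);`. That ordering is the reason the explicit `stunalloc(s);` at the end is needed, and nothing in the code says so. Add a short comment at the sstrdup call stating that the copy is deliberately taken before the mark and is released by stunalloc(s) on return, so that a later reorder of these two lines does not break the pairing.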
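Review bot: in the second src/eval.c hunk, the added `popstackmark(&smark);` is not mentioned in the commit message, and the new cleanup (`popstackmark(&smark);` and `stunalloc(s);`) sits only on the path that falls out of the loop to `return status;`. Say in the message or in a comment that popstackmark is there so that s is back on top of the string stack when stunalloc(s) runs, and confirm that any path leaving evalstring without reaching this return also unwinds the stack, since otherwise the duplicate stays allocated.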
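Review bot: in the src/histedit.c hunk, dropping the caller's `strcpy(stalloc(strlen(s) + 1), s)` relies on evalstring now copying its argument, a contract change that only the commit message records. Document it at the evalstring definition (callers may pass a string that the evaluated commands can free), and check the remaining callers of evalstring for the same now-redundant copy so they are cleaned up consistently.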
Date | Commit message | Author
2018-08-09 | Ignore trailing space on slash commands | June McEnroe
2018-08-09 | Replace shift with a great variadic function | June McEnroe
2018-08-09 | Only tabTouch nick if not self | June McEnroe
2018-08-09 | Add URL detection, listing and opening | June McEnroe
2018-08-08 | Add commands to tab complete | June McEnroe
2018-08-08 | Use blank line as unread marker | June McEnroe
2018-08-08 | Add Homebrew LibreSSL paths to Makefile | June McEnroe
2018-08-08 | Distinguish self with square brackets | June McEnroe
2018-08-08 | Add markers as lines to the log | June McEnroe
2018-08-08 | Factor out line editing to edit.c | June McEnroe
2018-08-08 | Set log marker on FocusOut event | June McEnroe
2018-08-08 | Color own messages 15 | June McEnroe
2018-08-08 | Use BLACK LEFT-POINTING TRIANGLE for marker | June McEnroe
2018-08-07 | Reset attrs after addIRC | June McEnroe
2018-08-07 | Add tab complete UI | June McEnroe
2018-08-07 | Implement cycling tab complete | June McEnroe
2018-08-07 | Mark log when scrolling up | June McEnroe
2018-08-07 | Remove extraneous slash from unrecognized command | June McEnroe
2018-08-07 | Highlight and beep pings | June McEnroe
2018-08-07 | Factor out allocating conversion between wcs and mbs | June McEnroe
2018-08-07 | Match commands case-insensitively | June McEnroe
2018-08-07 | Convert input to multibyte before handling | June McEnroe
2018-08-07 | Populate tab-complete list | June McEnroe
2018-08-07 | Fix /me formatting side-effects | June McEnroe
2018-08-07 | Define ui.c BUF_LEN with enum | June McEnroe
2018-08-07 | Hack clang into checking uiFmt format strings | June McEnroe
2018-08-07 | Handle PART and QUIT without messages | June McEnroe
2018-08-07 | Make safe filling the who buffer | June McEnroe
2018-08-07 | Add reverse and reset IRC formatting codes | June McEnroe
2018-08-06 | Rewrite line editing again, add formatting | June McEnroe
2018-08-06 | Fix allocation size in vaswprintf | June McEnroe
2018-08-06 | Implement word wrapping | June McEnroe
2018-08-06 | Use wchar_t strings for all of UI | June McEnroe
2018-08-06 | Rename line editing functions | June McEnroe
2018-08-05 | Initialize all possible color pairs | June McEnroe
2018-08-05 | Refactor color initialization | June McEnroe
2018-08-05 | Add ^L redraw | June McEnroe
2018-08-05 | Use 16 colors if available | June McEnroe
2018-08-05 | Limit parsed colors to number of mIRC colors | June McEnroe
2018-08-04 | Show source link on exit | June McEnroe
2018-08-04 | Implement line editing, scrolling | June McEnroe
2018-08-04 | Handle /topic | June McEnroe