From 749575d3c52c32f57f46f2cbb2942a2204d333ee Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Tue, 30 Jan 2018 04:29:03 +0100
Subject: hush: protect against self-modifying trap code

function                                             old     new   delta
check_and_run_traps                                  211     236     +25

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 shell/hush.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'shell')

diff --git a/shell/hush.c b/shell/hush.c
index ddf377355..585c51bd5 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -2004,10 +2004,12 @@ static int check_and_run_traps(void)
 				smalluint save_rcode;
 				char *argv[3];
 				/* argv[0] is unused */
-				argv[1] = G_traps[sig];
+				argv[1] = xstrdup(G_traps[sig]);
+				/* why strdup? trap can modify itself: trap 'trap "echo oops" INT' INT */
 				argv[2] = NULL;
 				save_rcode = G.last_exitcode;
 				builtin_eval(argv);
+				free(argv[1]);
 //FIXME: shouldn't it be set to 128 + sig instead?
 				G.last_exitcode = save_rcode;
 				last_sig = sig;
-- 
cgit v1.2.3