meta-openembedded/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch - openbmc/openbmc - Gitiles

 Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1
 From: Oliver Kiddle <opk@zsh.org>
 Date: Wed, 15 Dec 2021 01:56:40 +0100
 Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on
  %F/%K arguments

 Mitigates CVE-2021-45444

 https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false
 Upstream-Status: Backport
 CVE: CVE-2021-45444
 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
 ---
  ChangeLog    |  5 +++++
  Src/prompt.c | 10 ++++++++++
  2 files changed, 15 insertions(+)

 diff --git a/ChangeLog b/ChangeLog
 index 8d7dfc169..eb248ec06 100644
 --- a/ChangeLog
 +++ b/ChangeLog
 @@ -1,3 +1,8 @@
 +2022-01-27  dana  <dana@dana.is>
 +
 +	* Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
 +	PROMPT_SUBST
 +
  2020-02-14  dana  <dana@dana.is>

  	* unposted: Config/version.mk: Update for 5.8
 diff --git a/Src/prompt.c b/Src/prompt.c
 index b65bfb86b..91e21c8e9 100644
 --- a/Src/prompt.c
 +++ b/Src/prompt.c
 @@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
  	bv->fm += 2; /* skip over F{ */
  	if ((ep = strchr(bv->fm, '}'))) {
  	    char oc = *ep, *col, *coll;
 +	    int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
 +	    int opp = opts[PROMPTPERCENT];
 +
 +	    opts[PROMPTPERCENT] = 1;
 +	    opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
 +
  	    *ep = '\0';
  	    /* expand the contents of the argument so you can use
  	     * %v for example */
 @@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
  	    arg = match_colour((const char **)&coll, is_fg, 0);
  	    free(col);
  	    bv->fm = ep;
 +
 +	    opts[PROMPTSUBST] = ops;
 +	    opts[PROMPTBANG] = opb;
 +	    opts[PROMPTPERCENT] = opp;
  	} else {
  	    arg = match_colour((const char **)&bv->fm, is_fg, 0);
  	    if (*bv->fm != '}')
 --
 2.34.1
	Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1
	From: Oliver Kiddle <opk@zsh.org>
	Date: Wed, 15 Dec 2021 01:56:40 +0100
	Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on
	%F/%K arguments

	Mitigates CVE-2021-45444

	https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false
	Upstream-Status: Backport
	CVE: CVE-2021-45444
	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
	---
	ChangeLog \| 5 +++++
	Src/prompt.c \| 10 ++++++++++
	2 files changed, 15 insertions(+)

	diff --git a/ChangeLog b/ChangeLog
	index 8d7dfc169..eb248ec06 100644
	--- a/ChangeLog
	+++ b/ChangeLog
	@@ -1,3 +1,8 @@
	+2022-01-27 dana <dana@dana.is>
	+
	+ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive
	+ PROMPT_SUBST
	+
	2020-02-14 dana <dana@dana.is>

	* unposted: Config/version.mk: Update for 5.8
	diff --git a/Src/prompt.c b/Src/prompt.c
	index b65bfb86b..91e21c8e9 100644
	--- a/Src/prompt.c
	+++ b/Src/prompt.c
	@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg)
	bv->fm += 2; /* skip over F{ */
	if ((ep = strchr(bv->fm, '}'))) {
	char oc = ep, col, *coll;
	+ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG];
	+ int opp = opts[PROMPTPERCENT];
	+
	+ opts[PROMPTPERCENT] = 1;
	+ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0;
	+
	*ep = '\0';
	/* expand the contents of the argument so you can use
	* %v for example */
	@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg)
	arg = match_colour((const char **)&coll, is_fg, 0);
	free(col);
	bv->fm = ep;
	+
	+ opts[PROMPTSUBST] = ops;
	+ opts[PROMPTBANG] = opb;
	+ opts[PROMPTPERCENT] = opp;
	} else {
	arg = match_colour((const char **)&bv->fm, is_fg, 0);
	if (*bv->fm != '}')
	--
	2.34.1