Date: Thu, 10 Nov 2005 17:08:29 -0500 From: "Josh Elsasser" <josh@elsasser.org> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Subject: bin/88813: PATCH: cd builtin in sh can cd to wrong directory Message-ID: <1131660509.0@anubis> Resent-Message-ID: <200511102220.jAAMKGY9006310@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 88813
>Category: bin
>Synopsis: PATCH: cd builtin in sh can cd to wrong directory
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 10 22:20:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Josh Elsasser
>Release: FreeBSD 6.0-STABLE i386
>Organization:
>Environment:
System: FreeBSD 6.0-STABLE #0: Fri Nov 4 13:20:22 EST 2005
joshe@anubis:/usr/obj/usr/src/sys/ANUBIS
>Description:
The cd builtin in sh removes a leading ./ from the directory but does not check for additional / characters. This is done after the stat() but before the actual chdir(), so the directory must exist in the working directory for the bug to be exhibited.
>How-To-Repeat:
cd
mkdir usr
cd .//usr
pwd
>Fix:
There is probably a better way to fix this but I am just interested in fixing my shell script.
--- sh-cd.diff begins here ---
--- /usr/src/bin/sh/cd.c Tue Apr 6 16:06:51 2004
+++ cd.c Thu Nov 10 16:40:14 2005
@@ -123,8 +123,12 @@
/*
* XXX - rethink
*/
- if (p[0] == '.' && p[1] == '/' && p[2] != '\0')
- p += 2;
+ if (p[0] == '.') {
+ for (ch = 1; p[ch] == '/'; ch++)
+ ;
+ if (p[ch] != '\0')
+ p += ch;
+ }
print = strcmp(p, dest);
}
if (docd(p, print, phys) >= 0)
--- sh-cd.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1131660509.0>