Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

On Tue, 2019-05-21 at 16:43 +0200, Oliver Kiddle wrote:
> The following patch is one approach to fixing the last of these bugs.
> There may be a cleaner approach relying on the WC_SUBLIST_END tags,
> probably involving removing this whole block which is looking ahead to
> the next wordcode rather than leaving it for the next iteration of the
> big loop. But that would be a much bigger change with a greater chance
> of breaking things.

OK, so this takes account of the fact that "!" on its own (no following
command line) is allowed and just means negate the status.  That
certainly seems a reasonable way to go.

I was wondering whether this actually shouldn't be a special case in the
parser, but it's not obvious what to do there --- there actually is
nothing following the "!" and pretending there is something isn't a
great fix.  Telling the wordcode handler it can work this way is probably
a better idea.


Messages sorted by: Reverse Date, Date, Thread, Author