Zsh Mailing List Archive

Re: Discovery of 3 Bugs in Zsh



On Sat, Apr 22, 2023 at 10:46 AM Johenan Li <liyuweiheng@xxxxxxxxxxx> wrote:
>
> Machine and OS: Ubuntu 20.04.1 x86-64
> Compilation flags: "./configure --enable-zsh-debug CC=afl-cc CXX=afl-c++" with ASan and UBSan instrumentation.

Which zsh sources did you compile?

> The bugs can be replicated by running the following commands:
> 1. zsh < bug_4
> 2. zsh < bug_7
> 3. The memory leak can be triggered by running zsh and then immediately exiting.

Thanks for reporting, but:
- bug_4 looks like a shell command history and won't produce
equivalent results outside your local host.  Furthermore, it contains
a "reboot" command, as well as a "sudo" and a couple "vim", so I would
not recommend anyone attempt sourcing it.
- bug_7 is not in the attached zip
- bug_17 is a binary file?  Is it really intended to be directed to
the shell input?
- memory that leaks only at shell exit (doesn't grow or leak
repeatedly during shell execution) has not typically been considered a
bug.

> I would appreciate it if you could allocate appropriate CVE numbers for these issues and get back to me as soon as possible.

We do not typically allocate CVEs unless an identified security issue
has been found.



