Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
fish.18230
fix-CVE-2023-49284.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-CVE-2023-49284.patch of Package fish.18230
From 09986f5563e31e2c900a606438f1d60d008f3a14 Mon Sep 17 00:00:00 2001 From: Fabian Boehm <FHomborg@gmail.com> Date: Sat, 2 Dec 2023 11:06:07 +0100 Subject: [PATCH] Encode all ENCODE_DIRECT codepoints with encode_direct --- src/common.cpp | 7 ++++--- tests/checks/basic.fish | 8 ++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) Index: fish-3.3.1/src/common.cpp =================================================================== --- fish-3.3.1.orig/src/common.cpp +++ fish-3.3.1/src/common.cpp @@ -355,9 +355,7 @@ static wcstring str2wcs_internal(const c } else { ret = std::mbrtowc(&wc, &in[in_pos], in_len - in_pos, &state); // Determine whether to encode this character with our crazy scheme. - if (wc >= ENCODE_DIRECT_BASE && wc < ENCODE_DIRECT_BASE + 256) { - use_encode_direct = true; - } else if (wc == INTERNAL_SEPARATOR) { + if (fish_reserved_codepoint(wc)) { use_encode_direct = true; } else if (ret == static_cast<size_t>(-2)) { // Incomplete sequence. @@ -1317,6 +1315,9 @@ maybe_t<size_t> read_unquoted_escape(con } if (!errored && result_char_or_none.has_value()) { + if (fish_reserved_codepoint(*result_char_or_none)) { + return none(); + } result->push_back(*result_char_or_none); } if (errored) return none(); Index: fish-3.3.1/tests/checks/basic.fish =================================================================== --- fish-3.3.1.orig/tests/checks/basic.fish +++ fish-3.3.1/tests/checks/basic.fish @@ -500,3 +500,11 @@ echo banana # This used to be a parse error - #7685. echo (echo hello\\) # CHECK: hello\ + +$fish -c 'echo \ufdd2"fart"' +# CHECKERR: fish: Invalid token '\ufdd2"fart"' +# CHECKERR: echo \ufdd2"fart" +# CHECKERR: ^~~~~~~~~~~^ + +echo (sh -c 'printf $\'\ufdd2foo\'') | string escape +# CHECK: \Xef\Xb7\X92foo
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor