File fix-CVE-2023-49284.patch of Package fish.18230

Overview Repositories Revisions Requests Users Attributes Meta

File fix-CVE-2023-49284.patch of Package fish.18230

From 09986f5563e31e2c900a606438f1d60d008f3a14 Mon Sep 17 00:00:00 2001
From: Fabian Boehm <FHomborg@gmail.com>
Date: Sat, 2 Dec 2023 11:06:07 +0100
Subject: [PATCH] Encode all ENCODE_DIRECT codepoints with encode_direct

---
 src/common.cpp          | 7 ++++---
 tests/checks/basic.fish | 8 ++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

Index: fish-3.3.1/src/common.cpp
===================================================================
--- fish-3.3.1.orig/src/common.cpp
+++ fish-3.3.1/src/common.cpp
@@ -355,9 +355,7 @@ static wcstring str2wcs_internal(const c
         } else {
             ret = std::mbrtowc(&wc, &in[in_pos], in_len - in_pos, &state);
             // Determine whether to encode this character with our crazy scheme.
-            if (wc >= ENCODE_DIRECT_BASE && wc < ENCODE_DIRECT_BASE + 256) {
-                use_encode_direct = true;
-            } else if (wc == INTERNAL_SEPARATOR) {
+            if (fish_reserved_codepoint(wc)) {
                 use_encode_direct = true;
             } else if (ret == static_cast<size_t>(-2)) {
                 // Incomplete sequence.
@@ -1317,6 +1315,9 @@ maybe_t<size_t> read_unquoted_escape(con
     }
 
     if (!errored && result_char_or_none.has_value()) {
+        if (fish_reserved_codepoint(*result_char_or_none)) {
+            return none();
+        }
         result->push_back(*result_char_or_none);
     }
     if (errored) return none();
Index: fish-3.3.1/tests/checks/basic.fish
===================================================================
--- fish-3.3.1.orig/tests/checks/basic.fish
+++ fish-3.3.1/tests/checks/basic.fish
@@ -500,3 +500,11 @@ echo banana
 # This used to be a parse error - #7685.
 echo (echo hello\\)
 # CHECK: hello\
+
+$fish -c 'echo \ufdd2"fart"'
+# CHECKERR: fish: Invalid token '\ufdd2"fart"'
+# CHECKERR: echo \ufdd2"fart"
+# CHECKERR: ^~~~~~~~~~~^
+
+echo (sh -c 'printf $\'\ufdd2foo\'') | string escape
+# CHECK: \Xef\Xb7\X92foo

Places

File fix-CVE-2023-49284.patch of Package fish.18230

Places