ash: fix unsafe use of mempcpy

function old new delta subevalvar 1549 1557 +8 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2022-03-01 09:56:54 +01:00
parent fa52ac9781
commit 7750b5a25a
1 changed files with 7 additions and 1 deletions
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc,
 			len = orig_len - pos;

 		if (!quotes) {
-			loc = mempcpy(startp, startp + pos, len);
+			/* want: loc = mempcpy(startp, startp + pos, len)
+			 * but it does not allow overlapping arguments */
+			loc = startp;
+			while (--len >= 0) {
+				*loc = loc[pos];
+				loc++;
+			}
 		} else {
 			for (vstr = startp; pos != 0; pos--) {
 				if ((unsigned char)*vstr == CTLESC)