ash: fix unsafe use of mempcpy

function old new delta subevalvar 1549 1557 +8 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2022-03-01 09:56:54 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2022-03-01 09:56:54 +0100
commit: 7750b5a25a8cf9081b7c248687c876d0068e85bb (patch)
tree: 54ce5391f7899d104e010c810f27cf2f51817688
parent: fa52ac9781f479de8ab4d8526276244c0a0471f4 (diff)
download: busybox-w32-7750b5a25a8cf9081b7c248687c876d0068e85bb.tar.gz
busybox-w32-7750b5a25a8cf9081b7c248687c876d0068e85bb.tar.bz2
busybox-w32-7750b5a25a8cf9081b7c248687c876d0068e85bb.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/shell/ash.c b/shell/ash.c
index 54335c5dd..44ec2eafd 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc,
                        len = orig_len - pos;
                if (!quotes) {
-                        loc = mempcpy(startp, startp + pos, len);
+                        /* want: loc = mempcpy(startp, startp + pos, len)
+                         * but it does not allow overlapping arguments */
+                        loc = startp;
+                        while (--len >= 0) {
+                                *loc = loc[pos];
+                                loc++;
+                        }
                } else {
                        for (vstr = startp; pos != 0; pos--) {
                                if ((unsigned char)*vstr == CTLESC)
author	Denys Vlasenko <vda.linux@googlemail.com>	2022-03-01 09:56:54 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2022-03-01 09:56:54 +0100
commit	7750b5a25a8cf9081b7c248687c876d0068e85bb (patch)
tree	54ce5391f7899d104e010c810f27cf2f51817688
parent	fa52ac9781f479de8ab4d8526276244c0a0471f4 (diff)
download	busybox-w32-7750b5a25a8cf9081b7c248687c876d0068e85bb.tar.gz busybox-w32-7750b5a25a8cf9081b7c248687c876d0068e85bb.tar.bz2 busybox-w32-7750b5a25a8cf9081b7c248687c876d0068e85bb.zip