ash: fix unsafe use of mempcpy

function old new delta subevalvar 1549 1557 +8 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko 2022-03-01 09:56:54 +0100
committer: Denys Vlasenko 2022-03-01 09:56:54 +0100
commit: 7750b5a25a8cf9081b7c248687c876d0068e85bb (patch)
tree: 54ce5391f7899d104e010c810f27cf2f51817688
parent: fa52ac9781f479de8ab4d8526276244c0a0471f4 (diff)
download: busybox-7750b5a25a8cf9081b7c248687c876d0068e85bb.zip
busybox-7750b5a25a8cf9081b7c248687c876d0068e85bb.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/shell/ash.c b/shell/ash.c
index 54335c5..44ec2ea 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc,
 			len = orig_len - pos;
 
 		if (!quotes) {
-			loc = mempcpy(startp, startp + pos, len);
+			/* want: loc = mempcpy(startp, startp + pos, len)
+			 * but it does not allow overlapping arguments */
+			loc = startp;
+			while (--len >= 0) {
+				*loc = loc[pos];
+				loc++;
+			}
 		} else {
 			for (vstr = startp; pos != 0; pos--) {
 				if ((unsigned char)*vstr == CTLESC)
author	Denys Vlasenko	2022-03-01 09:56:54 +0100
committer	Denys Vlasenko	2022-03-01 09:56:54 +0100
commit	7750b5a25a8cf9081b7c248687c876d0068e85bb (patch)
tree	54ce5391f7899d104e010c810f27cf2f51817688
parent	fa52ac9781f479de8ab4d8526276244c0a0471f4 (diff)
download	busybox-7750b5a25a8cf9081b7c248687c876d0068e85bb.zip busybox-7750b5a25a8cf9081b7c248687c876d0068e85bb.tar.gz