From c121fd80b89629b9b50242cbc8fb0fc6f4c48946 Mon Sep 17 00:00:00 2001 From: "Tim J. Robbins" Date: Tue, 8 Oct 2002 11:22:49 +0000 Subject: [PATCH] Do not strip CTL* escapes from redirection filenames in argstr(); they are later stripped with rmescapes() in expandarg(). If the filename has already been unescaped, doing it again in rmescapes() can walk off the end of the string, leading to memory corruption and eventually SIGSEGV. Noticed by: kris --- bin/sh/expand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/sh/expand.c b/bin/sh/expand.c index a8cad11e59b..73cedc07935 100644 --- a/bin/sh/expand.c +++ b/bin/sh/expand.c @@ -213,7 +213,7 @@ STATIC void argstr(char *p, int flag) { char c; - int quotes = flag & (EXP_FULL | EXP_CASE); /* do CTLESC */ + int quotes = flag & (EXP_FULL | EXP_CASE | EXP_REDIR); /* do CTLESC */ int firsteq = 1; if (*p == '~' && (flag & (EXP_TILDE | EXP_VARTILDE)))