Rich Felker wrote:
> I suspect it can easily be made to do arbitrary code execution when
> otherwise-safe (e.g. checked against whitelist for special chars)
> strings from untrusted input are expanded inside eval commands.
>
> Any new use of VLA/alloca should be completely banned. It's basically
> always an exploitable bug.

I certainly don't want to be responsible for the next Shellshock.

Following up with a patch to revert the use of alloca. The old code was ugly but at least it should be safe. I can't see any other way to do it.

I did spot an opportunity to save a few bytes, though, so there's a second patch to partly make up for the loss of the 66 byte saving in the reverted patch.

Ron
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox