Hi, This is a fix for a use-after-free issue in the bash pattern substitution code in ash (related to STPUTC potentially causing the buffer to be reallocated). Most of these were fixed in 1.36.0 however one unguarded STPUTC remained which is fixed in the attached patch.
Thanks, Karsten
busybox-ash-another-uaf.patch
Description: Binary data
_______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
