Fix CVE-2018-7549: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549 Patch copied from upstream source repository: https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
From c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd Mon Sep 17 00:00:00 2001
From: Stephane Chazelas
Date: Fri, 22 Dec 2017 22:17:09 +0000
Subject: [PATCH] Avoid crash copying empty hash table. Visible with typeset -p.
---
 ChangeLog | 2 ++
 Src/params.c | 11 +++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
#diff --git a/ChangeLog b/ChangeLog
#index f74c26b88..e3628cfa7 100644
#--- a/ChangeLog
#+++ b/ChangeLog
#@@ -1,5 +1,7 @@
# 2018-01-04 Peter Stephenson
#
#+ * Stephane: 42159: Src/params.c: avoid crash copying empty hash table.
#+
# * Sebastian: 42188: Src/Modules/system.c: It is necessary to
# close the lock descriptor in some failure cases.
#
diff --git a/Src/params.c b/Src/params.c
index 31ff0445b..de7730ae7 100644
--- a/Src/params.c
+++ b/Src/params.c
@@ -549,10 +549,13 @@ scancopyparams(HashNode hn, UNUSED(int flags))
 HashTable
 copyparamtable(HashTable ht, char *name)
 {
- HashTable nht = newparamtable(ht->hsize, name);
- outtable = nht;
- scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
- outtable = NULL;
+ HashTable nht = 0;
+ if (ht) {
+ nht = newparamtable(ht->hsize, name);
+ outtable = nht;
+ scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
+ outtable = NULL;
+ }
 return nht;
 }
--
2.16.2
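Review bot: copyparamtable() in Src/params.c now returns a null table when `ht` is null, but that contract is not written down anywhere in the hunk, and the callers that store or scan the result are outside it. Each of them should be confirmed to tolerate a null `HashTable`; otherwise the crash this patch addresses may only move one call outward. I would add a comment above the function, e.g. `/* Returns NULL when ht is NULL (empty hash); callers must handle that. */`. As a style point, `HashTable nht = 0;` would read better as `HashTable nht = NULL;`, matching `outtable = NULL;` in the same body.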