Bug 1729997 - Regression introduced by CVE-2017-18206
Summary: Regression introduced by CVE-2017-18206
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: zsh
Version: 7.6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Kamil Dudka
QA Contact: Karel Volný
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-07-15 14:23 UTC by Renaud Métrich
Modified: 2020-02-07 09:23 UTC

Fixed In Version: zsh-5.0.2-34.el7
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Description Renaud Métrich 2019-07-15 14:23:39 UTC
Description of problem:

A customer reported a regression in zsh-5.0.2-31.el7.x86_64 compared to zsh-5.0.2-28.el7.x86_64 around the "chaselinks" option:

$ unsetopt chaselinks; cd /
$ setopt chaselinks; cd /
zsh: path expansion failed, using root directory


Version-Release number of selected component (if applicable):

zsh-5.0.2-31.el7.x86_64


How reproducible:

Always, see above with zsh-5.0.2-31.el7.x86_64


Additional info:

Patch 34 (zsh-5.0.2-CVE-2014-10072.patch) introduces the regression.
I was able to fix it by backporting some additional code.

Comment 3 Kamil Dudka 2019-07-15 15:14:13 UTC
Thank you for debugging it and providing the patch!  It looks good to me.

