Fix heredocs crash/hangup on Solaris/illumos in interactive shells

This was first reported in att#1472. Attempting to cancel a heredoc with ^C or ^D can cause ksh to crash with a segfault, or hangup and fill /tmp with files. Copy of the reproducer: $ cat << EOS > <Press Ctrl+C or Ctrl+D> src/cmd/ksh93/sh/main.c: - Reset the lexer state in an interactive shell if here-document creation was cancelled. This patch has been adapted from Solaris: https://github.com/oracle/solaris-userland/blob/e478b48/components/ksh93/patches/400-29444429.patch Due to the nature of this bug, I've skipped adding a regression test as it risks causing pty to hang up if run against an older release of ksh93 (cf. ksh93#356).
JohnoKing · Feb 16, 2024 · b4854c1 · b4854c1
1 parent ad2cb4a
commit b4854c1
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/cmd/ksh93/sh/main.c b/src/cmd/ksh93/sh/main.c
@@ -453,6 +453,20 @@ static void	exfile(Sfio_t *iop,int fno)
 			while(top=sfstack(iop,SF_POPSTACK))
 				sfclose(top);
 		}
+		/*
+		 * Reset the lexer state and make sure the heredocs file is
+		 * closed and set to NULL. For now we only do this when we get
+		 * here in an interactive shell and we have a left-over heredoc.
+		 */
+		if(sh_isstate(SH_INTERACTIVE) && jmpval==SH_JMPERREXIT && sh.heredocs)
+		{
+			Lex_t *lp;
+			sfclose(sh.heredocs);
+			sh.heredocs = NULL;
+			lp = (Lex_t*)sh.lex_context;
+			lp->heredoc = NULL;
+			sh_lexopen(lp,0);
+		}
 		/* make sure that we own the terminal */
 		tcsetpgrp(job.fd,sh.pid);
 	}