From 7f72ed0707f2c0dcc84c8230c49794241b4924a1 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 16 Sep 2021 15:44:25 +0200
Subject: [PATCH] vshCmddefCheckInternals: Sanitize command alias validation

We don't need to validate the real command twice, but it's better to
check that the real command name exists and it's not an alias to prevent
loops.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/vsh.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/tools/vsh.c b/tools/vsh.c
index eb17a58dc0..05da50eace 100644
--- a/tools/vsh.c
+++ b/tools/vsh.c
@@ -269,11 +269,27 @@ vshCmddefCheckInternals(vshControl *ctl,
 
     /* in order to perform the validation resolve the alias first */
     if (cmd->flags & VSH_CMD_FLAG_ALIAS) {
+        const vshCmdDef *alias;
+
         if (!cmd->alias) {
             vshError(ctl, _("command '%s' has inconsistent alias"), cmd->name);
             return -1;
         }
-        cmd = vshCmddefSearch(cmd->alias);
+
+        if (!(alias = vshCmddefSearch(cmd->alias))) {
+            vshError(ctl, _("command alias '%s' is pointing to a non-existant command '%s'"),
+                     cmd->name, cmd->alias);
+            return -1;
+        }
+
+        if (alias->flags & VSH_CMD_FLAG_ALIAS) {
+            vshError(ctl, _("command alias '%s' is pointing to another command alias '%s'"),
+                     cmd->name, cmd->alias);
+            return -1;
+        }
+
+        /* we don't need to continue as the real command will be checked separately */
+        return 0;
     }
 
     /* Each command has to provide a non-empty help string. */