BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-033

Bug-Reported-by: David Leverton <levertond@googlemail.com>
Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
Bug-Reference-URL:

Bug-Description:

Bash uses a static buffer when expanding the /dev/fd prefix for the test
and conditional commands, among other uses, when it should use a dynamic
buffer to avoid buffer overflow.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500 |
|
--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400 |
|
*************** |
|
*** 83,86 **** |
|
--- 83,88 ---- |
|
struct stat *finfo; |
|
{ |
|
+ static char *pbuf = 0; |
|
+ |
|
if (*path == '\0') |
|
{ |
|
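Review bot: `static char *pbuf = 0;` is declared at function scope, so the buffer now has process lifetime. No `free` is visible in this patch, and a shared static pointer makes the function non-reentrant. If keeping the allocation across calls is intended as a cache, say so in a comment beside the declaration. Otherwise a local pointer that is freed after use in the /dev/fd block would avoid the shared state.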
*************** |
|
*** 107,111 **** |
|
On most systems, with the notable exception of linux, this is |
|
effectively a no-op. */ |
|
! char pbuf[32]; |
|
strcpy (pbuf, DEV_FD_PREFIX); |
|
strcat (pbuf, path + 8); |
|
--- 109,113 ---- |
|
On most systems, with the notable exception of linux, this is |
|
effectively a no-op. */ |
|
! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); |
|
strcpy (pbuf, DEV_FD_PREFIX); |
|
strcat (pbuf, path + 8); |
|
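Review bot: the size passed to `xrealloc` is sufficient only because `sizeof (DEV_FD_PREFIX)` counts the terminating NUL of a string-literal macro, and nothing on the changed line documents that. If `DEV_FD_PREFIX` ever became a pointer, `sizeof` would silently yield the pointer size and the `strcpy`/`strcat` pair would overflow again. A one-line comment on the sizing would help, and because the total length is already computed, a single bounded copy could replace the two unbounded calls. The literal `8` in `path + 8` would also read better as a named prefix length.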
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 |
|
--- patchlevel.h Thu Feb 24 21:41:34 2011 |
|
*************** |
|
*** 26,30 **** |
|
looks for to find the patch level (for the sccs version string). */ |
|
|
|
! #define PATCHLEVEL 32 |
|
|
|
#endif /* _PATCHLEVEL_H_ */ |
|
--- 26,30 ---- |
|
looks for to find the patch level (for the sccs version string). */ |
|
|
|
! #define PATCHLEVEL 33 |
|
|
|
#endif /* _PATCHLEVEL_H_ */