58 lines
1.6 KiB
Plaintext
58 lines
1.6 KiB
Plaintext
|
BASH PATCH REPORT
|
||
|
=================
|
||
|
|
||
|
Bash-Release: 4.2
|
||
|
Patch-ID: bash42-033
|
||
|
|
||
|
Bug-Reported-by: David Leverton <levertond@googlemail.com>
|
||
|
Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
|
||
|
Bug-Reference-URL:
|
||
|
|
||
|
Bug-Description:
|
||
|
|
||
|
Bash uses a static buffer when expanding the /dev/fd prefix for the test
|
||
|
and conditional commands, among other uses, when it should use a dynamic
|
||
|
buffer to avoid buffer overflow.
|
||
|
|
||
|
Patch (apply with `patch -p0'):
|
||
|
|
||
|
*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500
|
||
|
--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400
|
||
|
***************
|
||
|
*** 83,86 ****
|
||
|
--- 83,88 ----
|
||
|
struct stat *finfo;
|
||
|
{
|
||
|
+ static char *pbuf = 0;
|
||
|
+
|
||
|
if (*path == '\0')
|
||
|
{
|
||
|
***************
|
||
|
*** 107,111 ****
|
||
|
On most systems, with the notable exception of linux, this is
|
||
|
effectively a no-op. */
|
||
|
! char pbuf[32];
|
||
|
strcpy (pbuf, DEV_FD_PREFIX);
|
||
|
strcat (pbuf, path + 8);
|
||
|
--- 109,113 ----
|
||
|
On most systems, with the notable exception of linux, this is
|
||
|
effectively a no-op. */
|
||
|
! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
|
||
|
strcpy (pbuf, DEV_FD_PREFIX);
|
||
|
strcat (pbuf, path + 8);
|
||
|
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
|
||
|
--- patchlevel.h Thu Feb 24 21:41:34 2011
|
||
|
***************
|
||
|
*** 26,30 ****
|
||
|
looks for to find the patch level (for the sccs version string). */
|
||
|
|
||
|
! #define PATCHLEVEL 32
|
||
|
|
||
|
#endif /* _PATCHLEVEL_H_ */
|
||
|
--- 26,30 ----
|
||
|
looks for to find the patch level (for the sccs version string). */
|
||
|
|
||
|
! #define PATCHLEVEL 33
|
||
|
|
||
|
#endif /* _PATCHLEVEL_H_ */
|