Add a null check in parameter_brace_transform() function

Resolves: CVE-2022-3715
This commit is contained in:
Siteshwar Vashisht 2022-11-22 14:05:54 +01:00
parent bfa3f2c35f
commit 7c25b00c2a
2 changed files with 20 additions and 1 deletions


@ -0,0 +1,12 @@
diff --git a/subst.c b/subst.c
--- a/subst.c
+++ b/subst.c
@@ -7959,7 +7959,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl
return ((char *)NULL);
}
- if (valid_parameter_transform (xform) == 0)
+ if (xform[0] == 0 || valid_parameter_transform (xform) == 0)
{
this_command_name = oname;
#if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */
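Review bot: The guard added at `if (xform[0] == 0 || valid_parameter_transform (xform) == 0)` rejects an empty transform string, not a NULL pointer, although the commit title and the spec changelog call it a "null check"; if `xform` can reach this point as NULL the subscript still dereferences it, so either the wording should say "empty-string check" or a `xform == 0 ||` clause belongs in front of the existing test — the hunk does not show which callers guarantee a non-NULL `xform`. A short why-comment above the condition would also help the next reader, e.g. `/* reject an empty xform before valid_parameter_transform() examines it (CVE-2022-3715, see spec) */`, since the spec comment ties this to a heap-buffer-overflow in valid_parameter_transform but the hunk itself gives no hint of that. parameter_brace_transform() begins and ends outside the hunk, and the `#if 0` block that follows the guard is cut off at the end of the patch file.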


@ -6,7 +6,7 @@
Version: %{baseversion}%{patchleveltag}
Name: bash
Summary: The GNU Bourne Again shell
Release: 5%{?dist}
Release: 6%{?dist}
License: GPLv3+
Url: https://www.gnu.org/software/bash
Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@ -90,6 +90,9 @@ Patch128: bash-5.0-syslog-history.patch
# 2115206 - String matching behaves differently on aarch64
Patch129: bash-5.1-mbrtowc.patch
# 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform
Patch130: bash-5.2-check-xform.patch
BuildRequires: gcc
BuildRequires: texinfo bison
BuildRequires: ncurses-devel
@ -321,6 +324,10 @@ end
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6
- Add a null check in parameter_brace_transform() function
Resolves: CVE-2022-3715
* Mon Aug 08 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-5
- Fix an off by one error while calling mbrtowc()
Resolves: #2115206