Add a null check in parameter_brace_transform() function

Resolves: CVE-2022-3715

bash-5.2-check-xform.patch

@@ -0,0 +1,12 @@
+diff --git a/subst.c b/subst.c
+--- a/subst.c
++++ b/subst.c
+@@ -7959,7 +7959,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl
+       return ((char *)NULL);
+     }
+ 
+-  if (valid_parameter_transform (xform) == 0)
++  if (xform[0] == 0 || valid_parameter_transform (xform) == 0)
+     {
+       this_command_name = oname;
+ #if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */

bash.spec

@@ -6,7 +6,7 @@
 Version: %{baseversion}%{patchleveltag}
 Name: bash
 Summary: The GNU Bourne Again shell
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Url: https://www.gnu.org/software/bash
 Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
@@ -90,6 +90,9 @@ Patch128: bash-5.0-syslog-history.patch
 # 2115206 - String matching behaves differently on aarch64
 Patch129: bash-5.1-mbrtowc.patch
 
+# 2141576 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform
+Patch130: bash-5.2-check-xform.patch
+
 BuildRequires:  gcc
 BuildRequires: texinfo bison
 BuildRequires: ncurses-devel
@@ -321,6 +324,10 @@ end
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
+* Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6
+- Add a null check in parameter_brace_transform() function
+  Resolves: CVE-2022-3715
+
 * Mon Aug 08 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-5
 - Fix an off by one error while calling mbrtowc()
   Resolves: #2115206