From 9cd23df32c7153673140a20b1cfc93f6c20fbd30 Mon Sep 17 00:00:00 2001 From: Siteshwar Vashisht Date: Thu, 29 Aug 2024 13:59:28 +0200 Subject: [PATCH] Fix issues identified by OpenScanHub Resolves: RHEL-44649 Signed-off-by: Siteshwar Vashisht --- bash-5.3-sast.patch | 186 ++++++++++++++++++++++++++++++++++++++++++++ bash.spec | 9 ++- 2 files changed, 194 insertions(+), 1 deletion(-) create mode 100644 bash-5.3-sast.patch diff --git a/bash-5.3-sast.patch b/bash-5.3-sast.patch new file mode 100644 index 0000000..c4a84c8 --- /dev/null +++ b/bash-5.3-sast.patch @@ -0,0 +1,186 @@ +diff --git a/arrayfunc.c b/arrayfunc.c +--- a/arrayfunc.c ++++ b/arrayfunc.c +@@ -208,7 +208,10 @@ bind_assoc_var_internal (entry, hash, key, value, flags) + newval = make_array_variable_value (entry, 0, key, value, flags); + + if (entry->assign_func) +- (*entry->assign_func) (entry, newval, 0, key); ++ { ++ (*entry->assign_func) (entry, newval, 0, key); ++ FREE (key); ++ } + else + assoc_insert (hash, key, newval); + +@@ -985,6 +988,7 @@ quote_compound_array_word (w, type) + if (t != w+ind) + free (t); + strcpy (nword + i, value); ++ free (value); + + return nword; + } +diff --git a/builtins/evalfile.c b/builtins/evalfile.c +--- a/builtins/evalfile.c ++++ b/builtins/evalfile.c +@@ -79,7 +79,8 @@ _evalfile (filename, flags) + { + volatile int old_interactive; + procenv_t old_return_catch; +- int return_val, fd, result, pflags, i, nnull; ++ int return_val, fd, result, pflags, nnull; ++ size_t i; + ssize_t nr; /* return value from read(2) */ + char *string; + struct stat finfo; +@@ -112,10 +113,10 @@ _evalfile (filename, flags) + + if (fd < 0 || (fstat (fd, &finfo) == -1)) + { +- i = errno; ++ result = errno; + if (fd >= 0) + close (fd); +- errno = i; ++ errno = result; + + file_error_and_exit: + if (((flags & FEVAL_ENOENTOK) == 0) || errno != ENOENT) +diff --git a/lib/readline/text.c b/lib/readline/text.c +--- a/lib/readline/text.c ++++ b/lib/readline/text.c +@@ -1409,8 +1409,7 @@ rl_change_case (int count, int op) + #if defined (HANDLE_MULTIBYTE) + WCHAR_T wc, nwc; + char mb[MB_LEN_MAX+1]; +- int mlen; +- size_t m; ++ size_t m, mlen; + mbstate_t mps; + #endif + +@@ -1479,12 +1478,13 @@ rl_change_case (int count, int op) + + memset (&ts, 0, sizeof (mbstate_t)); + mlen = WCRTOMB (mb, nwc, &ts); +- if (mlen < 0) ++ ++ if (MB_INVALIDCH (mlen)) + { + nwc = wc; + memset (&ts, 0, sizeof (mbstate_t)); + mlen = WCRTOMB (mb, nwc, &ts); +- if (mlen < 0) /* should not happen */ ++ if (MB_INVALIDCH (mlen)) /* should not happen */ + strncpy (mb, rl_line_buffer + start, mlen = m); + } + if (mlen > 0) +diff --git a/lib/readline/util.c b/lib/readline/util.c +--- a/lib/readline/util.c ++++ b/lib/readline/util.c +@@ -556,7 +556,10 @@ _rl_audit_tty (char *string) + size = strlen (string) + 1; + + if (NLMSG_SPACE (size) > MAX_AUDIT_MESSAGE_LENGTH) +- return; ++ { ++ close (fd); ++ return; ++ } + + memset (&req, 0, sizeof(req)); + req.nlh.nlmsg_len = NLMSG_SPACE (size); +diff --git a/lib/sh/casemod.c b/lib/sh/casemod.c +--- a/lib/sh/casemod.c ++++ b/lib/sh/casemod.c +@@ -111,8 +111,7 @@ sh_modcase (string, pat, flags) + #if defined (HANDLE_MULTIBYTE) + wchar_t nwc; + char mb[MB_LEN_MAX+1]; +- int mlen; +- size_t m; ++ size_t m, mlen; + mbstate_t state; + #endif + +@@ -254,8 +253,9 @@ singlebyte: + else + { + mlen = wcrtomb (mb, nwc, &state); +- if (mlen > 0) +- mb[mlen] = '\0'; ++ if (MB_INVALIDCH (mlen)) ++ strncpy (mb, string + start, mlen = m); ++ mb[mlen] = '\0'; + /* Don't assume the same width */ + strncpy (ret + retind, mb, mlen); + retind += mlen; +diff --git a/lib/sh/zwrite.c b/lib/sh/zwrite.c +--- a/lib/sh/zwrite.c ++++ b/lib/sh/zwrite.c +@@ -41,7 +41,9 @@ zwrite (fd, buf, nb) + char *buf; + size_t nb; + { +- int n, i, nt; ++ int nt; ++ size_t n; ++ ssize_t i; + + for (n = nb, nt = 0;;) + { +diff --git a/subst.c b/subst.c +--- a/subst.c ++++ b/subst.c +@@ -4287,12 +4287,17 @@ expand_string_dollar_quote (string, flags) + continue; + } + trans = locale_expand (t, 0, news-sindex, 0, &translen); +- free (t); + if (singlequote_translations && + ((news-sindex-1) != translen || STREQN (t, trans, translen) == 0)) +- t = sh_single_quote (trans); ++ { ++ free (t); ++ t = sh_single_quote (trans); ++ } + else +- t = sh_mkdoublequoted (trans, translen, 0); ++ { ++ free (t); ++ t = sh_mkdoublequoted (trans, translen, 0); ++ } + sindex = news; + } + #endif /* TRANSLATABLE_STRINGS */ +diff --git a/support/bashbug.sh.in b/support/bashbug.sh.in +--- a/support/bashbug.sh.in ++++ b/support/bashbug.sh.in +@@ -132,9 +132,9 @@ if [ -z "$DEFEDITOR" ] && [ -z "$EDITOR" ]; then + DEFEDITOR=emacs + elif [ -x /usr/bin/xemacs ]; then + DEFEDITOR=xemacs +- elif [ -x /usr/bin/vim; then ++ elif [ -x /usr/bin/vim ]; then + DEFEDITOR=vim +- elif [ -x /usr/bin/gvim; then ++ elif [ -x /usr/bin/gvim ]; then + DEFEDITOR=gvim + elif [ -x /usr/bin/nano ]; then + DEFEDITOR=nano +diff --git a/support/man2html.c b/support/man2html.c +--- a/support/man2html.c ++++ b/support/man2html.c +@@ -809,7 +809,7 @@ out_html(char *c) + } else if (output_possible) { + while (*c) { + outbuffer[obp++] = *c; +- if (*c == '\n' || obp > HUGE_STR_MAX) { ++ if (*c == '\n' || obp >= HUGE_STR_MAX) { + outbuffer[obp] = '\0'; + add_links(outbuffer); + obp = 0; +-- +2.46.0 + diff --git a/bash.spec b/bash.spec index 3e9789d..4578adb 100644 --- a/bash.spec +++ b/bash.spec @@ -6,7 +6,7 @@ Version: %{baseversion}.%{patchlevel} Name: bash Summary: The GNU Bourne Again shell -Release: 4%{?dist} +Release: 5%{?dist} License: GPL-3.0-or-later Url: https://www.gnu.org/software/bash Source0: https://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz @@ -93,6 +93,9 @@ Patch130: bash-configure-c99-2.patch # Enable audit logs Patch131: bash-4.3-audit.patch +# Fixes for issues found by OpenScanHub +Patch132: bash-5.3-sast.patch + BuildRequires: gcc BuildRequires: texinfo bison BuildRequires: ncurses-devel @@ -327,6 +330,10 @@ end %{_libdir}/pkgconfig/%{name}.pc %changelog +* Thu Aug 29 2024 Siteshwar Vashisht - 5.2.26-5 +- Fix issues identified by OpenScanHub + Resolves: RHEL-44649 + * Mon Jun 24 2024 Troy Dawson - 5.2.26-4 - Bump release for June 2024 mass rebuild