import ksh-20120801-253.el8_1
This commit is contained in:
		
							parent
							
								
									965126b874
								
							
						
					
					
						commit
						c4871f284b
					
				
							
								
								
									
										52
									
								
								SOURCES/ksh-20120801-cve-2019-14868.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										52
									
								
								SOURCES/ksh-20120801-cve-2019-14868.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,52 @@ | |||||||
|  | diff --git a/src/cmd/ksh93/sh/arith.c b/src/cmd/ksh93/sh/arith.c
 | ||||||
|  | --- a/src/cmd/ksh93/sh/arith.c
 | ||||||
|  | +++ b/src/cmd/ksh93/sh/arith.c
 | ||||||
|  | @@ -513,21 +513,34 @@ Sfdouble_t sh_strnum(register const char *str, char** ptr, int mode)
 | ||||||
|  |  	char base=(shp->inarith?0:10), *last; | ||||||
|  |  	if(*str==0) | ||||||
|  |  	{ | ||||||
|  | -		if(ptr)
 | ||||||
|  | -			*ptr = (char*)str;
 | ||||||
|  | -		return(0);
 | ||||||
|  | -	}
 | ||||||
|  | -	errno = 0;
 | ||||||
|  | -	d = strtonll(str,&last,&base,-1);
 | ||||||
|  | -	if(*last || errno)
 | ||||||
|  | -	{
 | ||||||
|  | -		if(!last || *last!='.' || last[1]!='.')
 | ||||||
|  | -			d = strval(shp,str,&last,arith,mode);
 | ||||||
|  | -		if(!ptr && *last && mode>0)
 | ||||||
|  | -			errormsg(SH_DICT,ERROR_exit(1),e_lexbadchar,*last,str);
 | ||||||
|  | +		d = 0.0;
 | ||||||
|  | +		last = (char*)str;
 | ||||||
|  | +	} else {
 | ||||||
|  | +		errno = 0;
 | ||||||
|  | +		d = strtonll(str,&last,&base,-1);
 | ||||||
|  | +		if (*last && !shp->inarith && sh_isstate(SH_INIT)) {
 | ||||||
|  | +			// This call is to handle "base#value" literals if we're importing untrusted env vars.
 | ||||||
|  | +			errno = 0;
 | ||||||
|  | +			d = strtonll(str, &last, NULL, -1);
 | ||||||
|  | +		}
 | ||||||
|  | +
 | ||||||
|  | +		if(*last || errno)
 | ||||||
|  | +		{
 | ||||||
|  | +			if (sh_isstate(SH_INIT)) {
 | ||||||
|  | +				// Initializing means importing untrusted env vars. Since the string does not appear
 | ||||||
|  | +				// to be a recognized numeric literal give up. We can't safely call strval() since
 | ||||||
|  | +				// that allows arbitrary expressions which would create a security vulnerability.
 | ||||||
|  | +				d = 0.0;
 | ||||||
|  | +			} else {
 | ||||||
|  | +				if(!last || *last!='.' || last[1]!='.')
 | ||||||
|  | +					d = strval(shp,str,&last,arith,mode);
 | ||||||
|  | +				if(!ptr && *last && mode>0)
 | ||||||
|  | +					errormsg(SH_DICT,ERROR_exit(1),e_lexbadchar,*last,str);
 | ||||||
|  | +			}
 | ||||||
|  | +		} else if (!d && *str=='-') {
 | ||||||
|  | +			d = -0.0;
 | ||||||
|  | +		}
 | ||||||
|  |  	} | ||||||
|  | -	else if (!d && *str=='-')
 | ||||||
|  | -		d = -0.0;
 | ||||||
|  |  	if(ptr) | ||||||
|  |  		*ptr = last; | ||||||
|  |  	return(d); | ||||||
| @ -6,7 +6,7 @@ Summary:      The Original ATT Korn Shell | |||||||
| URL:          http://www.kornshell.com/ | URL:          http://www.kornshell.com/ | ||||||
| License:      EPL | License:      EPL | ||||||
| Version:      %{releasedate} | Version:      %{releasedate} | ||||||
| Release:      252%{?dist} | Release:      253%{?dist} | ||||||
| Source0:      http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{release_date}.tgz | Source0:      http://www.research.att.com/~gsf/download/tgz/ast-ksh.%{release_date}.tgz | ||||||
| Source1:      http://www.research.att.com/~gsf/download/tgz/INIT.%{release_date}.tgz | Source1:      http://www.research.att.com/~gsf/download/tgz/INIT.%{release_date}.tgz | ||||||
| Source2:      kshcomp.conf | Source2:      kshcomp.conf | ||||||
| @ -214,6 +214,9 @@ Patch87: ksh-20120801-covsfix2.patch | |||||||
| # rhbz#1624125 | # rhbz#1624125 | ||||||
| Patch88: ksh-20120801-annocheck.patch | Patch88: ksh-20120801-annocheck.patch | ||||||
| 
 | 
 | ||||||
|  | # rhbz#1790547 | ||||||
|  | Patch89: ksh-20120801-cve-2019-14868.patch | ||||||
|  | 
 | ||||||
| Conflicts:    pdksh | Conflicts:    pdksh | ||||||
| Requires: coreutils, diffutils, chkconfig | Requires: coreutils, diffutils, chkconfig | ||||||
| BuildRequires: bison | BuildRequires: bison | ||||||
| @ -366,6 +369,10 @@ fi | |||||||
| %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf | %config(noreplace) %{_sysconfdir}/binfmt.d/kshcomp.conf | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Wed Jan 08 2020 Siteshwar Vashisht <svashisht@redhat.com> - 20120801-253 | ||||||
|  | - Do not evaluate arithmetic expressions from environment variables at startup | ||||||
|  |   Resolves: #1790546 | ||||||
|  | 
 | ||||||
| * Tue Oct 16 2018 Siteshwar Vashisht <svashisht@redhat.com> - 20120801-252 | * Tue Oct 16 2018 Siteshwar Vashisht <svashisht@redhat.com> - 20120801-252 | ||||||
| - Use autosetup instead of setup in spec file | - Use autosetup instead of setup in spec file | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user