Commit | Line | Data |
---|---|---|
e5ec3c9c ER |
1 | BASH PATCH REPORT |
2 | ================= | |
3 | ||
4 | Bash-Release: 4.2 | |
5 | Patch-ID: bash42-033 | |
6 | ||
7 | Bug-Reported-by: David Leverton <levertond@googlemail.com> | |
8 | Bug-Reference-ID: <4FCCE737.1060603@googlemail.com> | |
9 | Bug-Reference-URL: | |
10 | ||
11 | Bug-Description: | |
12 | ||
13 | Bash uses a static buffer when expanding the /dev/fd prefix for the test | |
14 | and conditional commands, among other uses, when it should use a dynamic | |
15 | buffer to avoid buffer overflow. | |
16 | ||
17 | Patch (apply with `patch -p0'): | |
18 | ||
19 | *** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500 | |
20 | --- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400 | |
21 | *************** | |
22 | *** 83,86 **** | |
23 | --- 83,88 ---- | |
24 | struct stat *finfo; | |
25 | { | |
26 | + static char *pbuf = 0; | |
27 | + | |
28 | if (*path == '\0') | |
29 | { | |
30 | *************** | |
31 | *** 107,111 **** | |
32 | On most systems, with the notable exception of linux, this is | |
33 | effectively a no-op. */ | |
34 | ! char pbuf[32]; | |
35 | strcpy (pbuf, DEV_FD_PREFIX); | |
36 | strcat (pbuf, path + 8); | |
37 | --- 109,113 ---- | |
38 | On most systems, with the notable exception of linux, this is | |
39 | effectively a no-op. */ | |
40 | ! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); | |
41 | strcpy (pbuf, DEV_FD_PREFIX); | |
42 | strcat (pbuf, path + 8); | |
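Review bot: The new `xrealloc` line in the second eaccess.c hunk has no comment explaining why the size is exact, and the following `strcpy`/`strcat` pair depends on it. `sizeof (DEV_FD_PREFIX)` already counts the terminating NUL, so the buffer fits the prefix plus `path + 8` with no slack; a later change to `strlen (DEV_FD_PREFIX)` would reintroduce a one-byte overflow. I would add above the call `/* sizeof counts the NUL; pbuf is static, reused and resized on each call, never freed */`, which also documents the `static char *pbuf = 0;` added in the first hunk and the fact that the function is not reentrant. The `path + 8` offset relies on a prefix check that lies outside both hunks, so it cannot be confirmed from here that `path` always has at least 8 characters at this point.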
43 | *** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 | |
44 | --- patchlevel.h Thu Feb 24 21:41:34 2011 | |
45 | *************** | |
46 | *** 26,30 **** | |
47 | looks for to find the patch level (for the sccs version string). */ | |
48 | ||
49 | ! #define PATCHLEVEL 32 | |
50 | ||
51 | #endif /* _PATCHLEVEL_H_ */ | |
52 | --- 26,30 ---- | |
53 | looks for to find the patch level (for the sccs version string). */ | |
54 | ||
55 | ! #define PATCHLEVEL 33 | |
56 | ||
57 | #endif /* _PATCHLEVEL_H_ */ |