[packages/bash.git] / bash42-033

			     BASH PATCH REPORT
			     =================

Bash-Release:	4.2
Patch-ID:	bash42-033

Bug-Reported-by:	David Leverton <levertond@googlemail.com>
Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
Bug-Reference-URL:

Bug-Description:

Bash uses a static buffer when expanding the /dev/fd prefix for the test
and conditional commands, among other uses, when it should use a dynamic
buffer to avoid buffer overflow.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/sh/eaccess.c	2011-01-08 20:50:10.000000000 -0500
--- lib/sh/eaccess.c	2012-06-04 21:06:43.000000000 -0400
***************
*** 83,86 ****
--- 83,88 ----
       struct stat *finfo;
  {
+   static char *pbuf = 0;
+ 
    if (*path == '\0')
      {
***************
*** 107,111 ****
       On most systems, with the notable exception of linux, this is
       effectively a no-op. */
!       char pbuf[32];
        strcpy (pbuf, DEV_FD_PREFIX);
        strcat (pbuf, path + 8);
--- 109,113 ----
       On most systems, with the notable exception of linux, this is
       effectively a no-op. */
!       pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
        strcpy (pbuf, DEV_FD_PREFIX);
        strcat (pbuf, path + 8);
*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
--- patchlevel.h	Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 32
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 33
  
  #endif /* _PATCHLEVEL_H_ */
Commit	Line	Data
e5ec3c9c ER	1	BASH PATCH REPORT
	2	=================
	3
	4	Bash-Release: 4.2
	5	Patch-ID: bash42-033
	6
	7	Bug-Reported-by: David Leverton <levertond@googlemail.com>
	8	Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
	9	Bug-Reference-URL:
	10
	11	Bug-Description:
	12
	13	Bash uses a static buffer when expanding the /dev/fd prefix for the test
	14	and conditional commands, among other uses, when it should use a dynamic
	15	buffer to avoid buffer overflow.
	16
	17	Patch (apply with `patch -p0'):
	18
	19	*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500
	20	--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400
	21	***************
	22	* 83,86 **
	23	--- 83,88 ----
	24	struct stat *finfo;
	25	{
	26	+ static char *pbuf = 0;
	27	+
	28	if (*path == '\0')
	29	{
	30	***************
	31	* 107,111 **
	32	On most systems, with the notable exception of linux, this is
	33	effectively a no-op. */
	34	! char pbuf[32];
	35	strcpy (pbuf, DEV_FD_PREFIX);
	36	strcat (pbuf, path + 8);
	37	--- 109,113 ----
	38	On most systems, with the notable exception of linux, this is
	39	effectively a no-op. */
	40	! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
	41	strcpy (pbuf, DEV_FD_PREFIX);
	42	strcat (pbuf, path + 8);
	43	*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
	44	--- patchlevel.h Thu Feb 24 21:41:34 2011
	45	***************
	46	* 26,30 **
	47	looks for to find the patch level (for the sccs version string). */
	48
	49	! #define PATCHLEVEL 32
	50
	51	#endif /* _PATCHLEVEL_H_ */
	52	--- 26,30 ----
	53	looks for to find the patch level (for the sccs version string). */
	54
	55	! #define PATCHLEVEL 33
	56
	57	#endif /* _PATCHLEVEL_H_ */