| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-003
- Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- BASH PATCH REPORT
- =================
- Bash-Release: 4.4
- Patch-ID: bash44-003
- Bug-Reported-by: op7ic \x00 <op7ica@gmail.com>
- Bug-Reference-ID: <CAFHyJTopWC5Jx+U7WcvxSZKu+KrqSf+_3sHPiRWo=VzXSiPq=w@mail.gmail.com>
- Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00005.html
- Bug-Description:
- Specially-crafted input, in this case an incomplete pathname expansion
- bracket expression containing an invalid collating symbol, can cause the
- shell to crash.
- Patch (apply with `patch -p0'):
- *** a/bash-4.4/lib/glob/sm_loop.c 2016-04-10 11:23:21.000000000 -0400
- --- b/lib/glob/sm_loop.c 2016-11-02 14:03:34.000000000 -0400
- ***************
- *** 331,334 ****
- --- 331,340 ----
- if (p[pc] == L('.') && p[pc+1] == L(']'))
- break;
- + if (p[pc] == 0)
- + {
- + if (vp)
- + *vp = INVALID;
- + return (p + pc);
- + }
- val = COLLSYM (p, pc);
- if (vp)
- ***************
- *** 484,487 ****
- --- 490,496 ----
- c = FOLD (c);
-
- + if (c == L('\0'))
- + return ((test == L('[')) ? savep : (CHAR *)0);
- +
- if ((flags & FNM_PATHNAME) && c == L('/'))
- /* [/] can never match when matching a pathname. */
- *** a/bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
- --- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400
- ***************
- *** 26,30 ****
- looks for to find the patch level (for the sccs version string). */
-
- ! #define PATCHLEVEL 2
-
- #endif /* _PATCHLEVEL_H_ */
- --- 26,30 ----
- looks for to find the patch level (for the sccs version string). */
-
- ! #define PATCHLEVEL 3
-
- #endif /* _PATCHLEVEL_H_ */
|
