- BASH PATCH REPORT
- =================
- Bash-Release: 4.2
- Patch-ID: bash42-033
- Bug-Reported-by: David Leverton <levertond@googlemail.com>
- Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
- Bug-Reference-URL:
- Bug-Description:
- Bash uses a static buffer when expanding the /dev/fd prefix for the test
- and conditional commands, among other uses, when it should use a dynamic
- buffer to avoid buffer overflow.
- Patch (apply with `patch -p0'):
- *** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500
- --- ./lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400
- ***************
- *** 83,86 ****
- --- 83,88 ----
- struct stat *finfo;
- {
- + static char *pbuf = 0;
- +
- if (*path == '\0')
- {
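Review bot: The `static char *pbuf = 0;` added at the top of the function makes the buffer shared by every call, so the function is no longer reentrant, and nothing in the visible hunks frees the allocation. Add a comment on the declaration stating that the buffer is deliberately kept for the life of the process and that the expanded path is only valid until the next call, or use a local pointer that is freed before return.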
- ***************
- *** 107,111 ****
- On most systems, with the notable exception of linux, this is
- effectively a no-op. */
- ! char pbuf[32];
- strcpy (pbuf, DEV_FD_PREFIX);
- strcat (pbuf, path + 8);
- --- 109,113 ----
- On most systems, with the notable exception of linux, this is
- effectively a no-op. */
- ! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
- strcpy (pbuf, DEV_FD_PREFIX);
- strcat (pbuf, path + 8);
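Review bot: In the replacement line `pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));` the size is exact only because `sizeof` on a string-literal macro counts the terminating NUL; if `DEV_FD_PREFIX` were ever defined as a pointer, `sizeof` would yield the pointer size and the `strcpy`/`strcat` that follow would overflow again. Writing the size as `strlen (DEV_FD_PREFIX) + strlen (path + 8) + 1` removes that dependency. The offset 8 in `path + 8` is also a magic number here: the hunk does not show the check that `path` is at least that long, so a named constant or a short comment tying it to the length of the matched prefix would make the bound easier to audit.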
- *** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
- --- ./patchlevel.h Thu Feb 24 21:41:34 2011
- ***************
- *** 26,30 ****
- looks for to find the patch level (for the sccs version string). */
-
- ! #define PATCHLEVEL 32
-
- #endif /* _PATCHLEVEL_H_ */
- --- 26,30 ----
- looks for to find the patch level (for the sccs version string). */
-
- ! #define PATCHLEVEL 33
-
- #endif /* _PATCHLEVEL_H_ */