|
Ondrej Oprala |
f96c39 |
BASH PATCH REPORT
|
|
Ondrej Oprala |
f96c39 |
=================
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
Bash-Release: 4.3
|
|
Ondrej Oprala |
f96c39 |
Patch-ID: bash43-029
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
|
|
Ondrej Oprala |
f96c39 |
Bug-Reference-ID:
|
|
Ondrej Oprala |
f96c39 |
Bug-Reference-URL:
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
Bug-Description:
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
When bash is parsing a function definition that contains a here-document
|
|
Ondrej Oprala |
f96c39 |
delimited by end-of-file (or end-of-string), it leaves the closing delimiter
|
|
Ondrej Oprala |
f96c39 |
uninitialized. This can result in an invalid memory access when the parsed
|
|
Ondrej Oprala |
f96c39 |
function is later copied.
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
Patch (apply with `patch -p0'):
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
*** ../bash-4.3.28/make_cmd.c 2011-12-16 08:08:01.000000000 -0500
|
|
Ondrej Oprala |
f96c39 |
--- make_cmd.c 2014-10-02 11:24:23.000000000 -0400
|
|
Ondrej Oprala |
f96c39 |
***************
|
|
Ondrej Oprala |
f96c39 |
*** 693,696 ****
|
|
Ondrej Oprala |
f96c39 |
--- 693,697 ----
|
|
Ondrej Oprala |
f96c39 |
temp->redirector = source;
|
|
Ondrej Oprala |
f96c39 |
temp->redirectee = dest_and_filename;
|
|
Ondrej Oprala |
f96c39 |
+ temp->here_doc_eof = 0;
|
|
Ondrej Oprala |
f96c39 |
temp->instruction = instruction;
|
|
Ondrej Oprala |
f96c39 |
temp->flags = 0;
|
|
Ondrej Oprala |
f96c39 |
*** ../bash-4.3.28/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
|
|
Ondrej Oprala |
f96c39 |
--- copy_cmd.c 2014-10-02 11:24:23.000000000 -0400
|
|
Ondrej Oprala |
f96c39 |
***************
|
|
Ondrej Oprala |
f96c39 |
*** 127,131 ****
|
|
Ondrej Oprala |
f96c39 |
case r_reading_until:
|
|
Ondrej Oprala |
f96c39 |
case r_deblank_reading_until:
|
|
Ondrej Oprala |
f96c39 |
! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
|
|
Ondrej Oprala |
f96c39 |
/*FALLTHROUGH*/
|
|
Ondrej Oprala |
f96c39 |
case r_reading_string:
|
|
Ondrej Oprala |
f96c39 |
--- 127,131 ----
|
|
Ondrej Oprala |
f96c39 |
case r_reading_until:
|
|
Ondrej Oprala |
f96c39 |
case r_deblank_reading_until:
|
|
Ondrej Oprala |
f96c39 |
! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
|
|
Ondrej Oprala |
f96c39 |
/*FALLTHROUGH*/
|
|
Ondrej Oprala |
f96c39 |
case r_reading_string:
|
|
Ondrej Oprala |
f96c39 |
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
|
|
Ondrej Oprala |
f96c39 |
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
|
|
Ondrej Oprala |
f96c39 |
***************
|
|
Ondrej Oprala |
f96c39 |
*** 26,30 ****
|
|
Ondrej Oprala |
f96c39 |
looks for to find the patch level (for the sccs version string). */
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
! #define PATCHLEVEL 26
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
#endif /* _PATCHLEVEL_H_ */
|
|
Ondrej Oprala |
f96c39 |
--- 26,30 ----
|
|
Ondrej Oprala |
f96c39 |
looks for to find the patch level (for the sccs version string). */
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
! #define PATCHLEVEL 29
|
|
Ondrej Oprala |
f96c39 |
|
|
Ondrej Oprala |
f96c39 |
#endif /* _PATCHLEVEL_H_ */
|