Annotation of /updates/infra_2/bash/current/SOURCES/bash42-052

                             BASH PATCH REPORT
                             =================

Bash-Release:   4.2
Patch-ID:       bash42-052

Bug-Reported-by:        Michal Zalewski <lcamtuf@coredump.cx>
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

When bash is parsing a function definition that contains a here-document
delimited by end-of-file (or end-of-string), it leaves the closing delimiter
uninitialized.  This can result in an invalid memory access when the parsed
function is later copied.

Patch (apply with `patch -p0'):

*** ../bash-4.2.51/make_cmd.c   2009-09-11 17:26:12.000000000 -0400
--- make_cmd.c  2014-10-02 11:26:58.000000000 -0400
***************
*** 690,693 ****
--- 690,694 ----
    temp->redirector = source;
    temp->redirectee = dest_and_filename;
+   temp->here_doc_eof = 0;
    temp->instruction = instruction;
    temp->flags = 0;
*** ../bash-4.2.51/copy_cmd.c   2009-09-11 16:28:02.000000000 -0400
--- copy_cmd.c  2014-10-02 11:26:58.000000000 -0400
***************
*** 127,131 ****
      case r_reading_until:
      case r_deblank_reading_until:
!       new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
        /*FALLTHROUGH*/
      case r_reading_string:
--- 127,131 ----
      case r_reading_until:
      case r_deblank_reading_until:
!       new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
        /*FALLTHROUGH*/
      case r_reading_string:
*** ../bash-4.2-patched/patchlevel.h    Sat Jun 12 20:14:48 2010
--- patchlevel.h        Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 51
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 52
  
  #endif /* _PATCHLEVEL_H_ */
1	tmb	737739	BASH PATCH REPORT
2			=================
3
4			Bash-Release: 4.2
5			Patch-ID: bash42-052
6
7			Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
8			Bug-Reference-ID:
9			Bug-Reference-URL:
10
11			Bug-Description:
12
13			When bash is parsing a function definition that contains a here-document
14			delimited by end-of-file (or end-of-string), it leaves the closing delimiter
15			uninitialized. This can result in an invalid memory access when the parsed
16			function is later copied.
17
18			Patch (apply with `patch -p0'):
19
20			*** ../bash-4.2.51/make_cmd.c 2009-09-11 17:26:12.000000000 -0400
21			--- make_cmd.c 2014-10-02 11:26:58.000000000 -0400
22			***************
23			* 690,693 **
24			--- 690,694 ----
25			temp->redirector = source;
26			temp->redirectee = dest_and_filename;
27			+ temp->here_doc_eof = 0;
28			temp->instruction = instruction;
29			temp->flags = 0;
30			*** ../bash-4.2.51/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
31			--- copy_cmd.c 2014-10-02 11:26:58.000000000 -0400
32			***************
33			* 127,131 **
34			case r_reading_until:
35			case r_deblank_reading_until:
36			! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
37			/FALLTHROUGH/
38			case r_reading_string:
39			--- 127,131 ----
40			case r_reading_until:
41			case r_deblank_reading_until:
42			! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
43			/FALLTHROUGH/
44			case r_reading_string:
45			*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
46			--- patchlevel.h Thu Feb 24 21:41:34 2011
47			***************
48			* 26,30 **
49			looks for to find the patch level (for the sccs version string). */
50
51			! #define PATCHLEVEL 51
52
53			#endif /* _PATCHLEVEL_H_ */
54			--- 26,30 ----
55			looks for to find the patch level (for the sccs version string). */
56
57			! #define PATCHLEVEL 52
58
59			#endif /* _PATCHLEVEL_H_ */