1 |
tmb |
737739 |
BASH PATCH REPORT |
2 |
|
|
================= |
3 |
|
|
|
4 |
|
|
Bash-Release: 4.2 |
5 |
|
|
Patch-ID: bash42-052 |
6 |
|
|
|
7 |
|
|
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> |
8 |
|
|
Bug-Reference-ID: |
9 |
|
|
Bug-Reference-URL: |
10 |
|
|
|
11 |
|
|
Bug-Description: |
12 |
|
|
|
13 |
|
|
When bash is parsing a function definition that contains a here-document |
14 |
|
|
delimited by end-of-file (or end-of-string), it leaves the closing delimiter |
15 |
|
|
uninitialized. This can result in an invalid memory access when the parsed |
16 |
|
|
function is later copied. |
17 |
|
|
|
18 |
|
|
Patch (apply with `patch -p0'): |
19 |
|
|
|
20 |
|
|
*** ../bash-4.2.51/make_cmd.c 2009-09-11 17:26:12.000000000 -0400 |
21 |
|
|
--- make_cmd.c 2014-10-02 11:26:58.000000000 -0400 |
22 |
|
|
*************** |
23 |
|
|
*** 690,693 **** |
24 |
|
|
--- 690,694 ---- |
25 |
|
|
temp->redirector = source; |
26 |
|
|
temp->redirectee = dest_and_filename; |
27 |
|
|
+ temp->here_doc_eof = 0; |
28 |
|
|
temp->instruction = instruction; |
29 |
|
|
temp->flags = 0; |
30 |
|
|
*** ../bash-4.2.51/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 |
31 |
|
|
--- copy_cmd.c 2014-10-02 11:26:58.000000000 -0400 |
32 |
|
|
*************** |
33 |
|
|
*** 127,131 **** |
34 |
|
|
case r_reading_until: |
35 |
|
|
case r_deblank_reading_until: |
36 |
|
|
! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); |
37 |
|
|
/*FALLTHROUGH*/ |
38 |
|
|
case r_reading_string: |
39 |
|
|
--- 127,131 ---- |
40 |
|
|
case r_reading_until: |
41 |
|
|
case r_deblank_reading_until: |
42 |
|
|
! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; |
43 |
|
|
/*FALLTHROUGH*/ |
44 |
|
|
case r_reading_string: |
45 |
|
|
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 |
46 |
|
|
--- patchlevel.h Thu Feb 24 21:41:34 2011 |
47 |
|
|
*************** |
48 |
|
|
*** 26,30 **** |
49 |
|
|
looks for to find the patch level (for the sccs version string). */ |
50 |
|
|
|
51 |
|
|
! #define PATCHLEVEL 51 |
52 |
|
|
|
53 |
|
|
#endif /* _PATCHLEVEL_H_ */ |
54 |
|
|
--- 26,30 ---- |
55 |
|
|
looks for to find the patch level (for the sccs version string). */ |
56 |
|
|
|
57 |
|
|
! #define PATCHLEVEL 52 |
58 |
|
|
|
59 |
|
|
#endif /* _PATCHLEVEL_H_ */ |