
Contents of /updates/infra_2/bash/current/SOURCES/bash42-053



Revision 737739 - (show annotations) (download)
Thu Oct 9 15:11:07 2014 UTC (6 years, 9 months ago) by tmb
File size: 3859 byte(s)
sync with MGAA-2014-0180 to get all security and parser fixes
1 BASH PATCH REPORT
2 =================
3
4 Bash-Release: 4.2
5 Patch-ID: bash42-053
6
7 Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
8 Bug-Reference-ID:
9 Bug-Reference-URL:
10
11 Bug-Description:
12
13 A combination of nested command substitutions and function importing from
14 the environment can cause bash to execute code appearing in the environment
15 variable value following the function definition.
16
17 Patch (apply with `patch -p0'):
18
19 *** ../bash-4.2.52/builtins/evalstring.c 2014-09-16 19:35:45.000000000 -0400
20 --- builtins/evalstring.c 2014-10-04 15:00:26.000000000 -0400
21 ***************
22 *** 262,271 ****
23 struct fd_bitmap *bitmap;
24
25 ! if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
26 {
27 ! internal_warning ("%s: ignoring function definition attempt", from_file);
28 ! should_jump_to_top_level = 0;
29 ! last_result = last_command_exit_value = EX_BADUSAGE;
30 ! break;
31 }
32
33 --- 262,284 ----
34 struct fd_bitmap *bitmap;
35
36 ! if (flags & SEVAL_FUNCDEF)
37 {
38 ! char *x;
39 !
40 ! /* If the command parses to something other than a straight
41 ! function definition, or if we have not consumed the entire
42 ! string, or if the parser has transformed the function
43 ! name (as parsing will if it begins or ends with shell
44 ! whitespace, for example), reject the attempt */
45 ! if (command->type != cm_function_def ||
46 ! ((x = parser_remaining_input ()) && *x) ||
47 ! (STREQ (from_file, command->value.Function_def->name->word) == 0))
48 ! {
49 ! internal_warning (_("%s: ignoring function definition attempt"), from_file);
50 ! should_jump_to_top_level = 0;
51 ! last_result = last_command_exit_value = EX_BADUSAGE;
52 ! reset_parser ();
53 ! break;
54 ! }
55 }
56
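Review bot: The `reset_parser ();` added on the reject path (new line 52) has no comment saying why parser state must be dropped before `break`, and the block comment above it covers only the three reject conditions. Going by the bug description, the likely reason is that text left in the input buffer after the function definition must not survive to be parsed later; a comment such as `/* discard unconsumed input so nothing after the definition is parsed later */` would record that. The same applies to the `reset_parser ();` added under `if (flags & SEVAL_ONECMD)` in the next hunk. The enclosing loop starts and ends outside both hunks, so its other exits cannot be checked from here.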
57 ***************
58 *** 332,336 ****
59
60 if (flags & SEVAL_ONECMD)
61 ! break;
62 }
63 }
64 --- 345,352 ----
65
66 if (flags & SEVAL_ONECMD)
67 ! {
68 ! reset_parser ();
69 ! break;
70 ! }
71 }
72 }
73 *** ../bash-4.2.52/parse.y 2014-09-30 19:24:19.000000000 -0400
74 --- parse.y 2014-10-04 15:00:26.000000000 -0400
75 ***************
76 *** 2436,2439 ****
77 --- 2436,2449 ----
78 }
79
80 + char *
81 + parser_remaining_input ()
82 + {
83 + if (shell_input_line == 0)
84 + return 0;
85 + if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
86 + return '\0'; /* XXX */
87 + return (shell_input_line + shell_input_line_index);
88 + }
89 +
90 #ifdef INCLUDE_UNUSED
91 /* Back the input pointer up by one, effectively `ungetting' a character. */
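Review bot: `return '\0'; /* XXX */` in parser_remaining_input returns a null pointer rather than a pointer to an empty string, because a character constant with value 0 converts to `char *` as a null pointer constant. The caller added in builtins/evalstring.c tests `(x = parser_remaining_input ()) && *x`, so it copes with NULL, but the intent is hidden behind the XXX. Write `return (char *)NULL;`, or `return "";` if callers are meant to be able to dereference the result. The function also needs a header comment saying that the returned pointer refers into shell_input_line, which by the comment in the following hunk is cleared by reset_parser, so the result must not be used after that call.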
92 ***************
93 *** 3891,3896 ****
94 /* reset_parser clears shell_input_line and associated variables */
95 restore_input_line_state (&ls);
96 ! if (interactive)
97 ! token_to_read = 0;
98
99 /* Need to find how many characters parse_and_execute consumed, update
100 --- 3901,3906 ----
101 /* reset_parser clears shell_input_line and associated variables */
102 restore_input_line_state (&ls);
103 !
104 ! token_to_read = 0;
105
106 /* Need to find how many characters parse_and_execute consumed, update
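Review bot: The now-unconditional `token_to_read = 0;` carries no explanation, and the comment above it describes only restore_input_line_state. Dropping the `if (interactive)` guard is the security-relevant part of this hunk, so it deserves a why-comment, for example `/* drop any pending lookahead token in non-interactive shells too */`. That wording is inferred from the removed guard and should be confirmed against the code that sets token_to_read. The enclosing function starts and ends outside the hunk.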
107 *** ../bash-4.2.52/shell.h 2011-11-21 18:03:32.000000000 -0500
108 --- shell.h 2014-10-04 15:00:26.000000000 -0400
109 ***************
110 *** 178,181 ****
111 --- 178,183 ----
112
113 /* Let's try declaring these here. */
114 + extern char *parser_remaining_input __P((void));
115 +
116 extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
117 extern void restore_parser_state __P((sh_parser_state_t *));
118 *** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
119 --- patchlevel.h Thu Feb 24 21:41:34 2011
120 ***************
121 *** 26,30 ****
122 looks for to find the patch level (for the sccs version string). */
123
124 ! #define PATCHLEVEL 52
125
126 #endif /* _PATCHLEVEL_H_ */
127 --- 26,30 ----
128 looks for to find the patch level (for the sccs version string). */
129
130 ! #define PATCHLEVEL 53
131
132 #endif /* _PATCHLEVEL_H_ */
