diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2015-10-20 16:34:01 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-10-20 16:34:46 -0400 |
| commit | d3b9fc42cadf308da7fab21c338cca55aa778ae7 (patch) | |
| tree | fc9e3a27659f2fd78239a3ba120b5b5945feaf39 /app-shells/bash/files | |
| parent | dev-util/catalyst: recent commits require newer snakeoil (diff) | |
| download | gentoo-d3b9fc42cadf308da7fab21c338cca55aa778ae7.tar.gz gentoo-d3b9fc42cadf308da7fab21c338cca55aa778ae7.tar.bz2 gentoo-d3b9fc42cadf308da7fab21c338cca55aa778ae7.zip | |
app-shells/bash: backport /dev/fd fix to older versions #431850
Diffstat (limited to 'app-shells/bash/files')
| -rw-r--r-- | app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch | 16 | ||||
| -rw-r--r-- | app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch | 46 |
2 files changed, 62 insertions, 0 deletions
diff --git a/app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch b/app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch new file mode 100644 index 000000000000..9d08856e5b00 --- /dev/null +++ b/app-shells/bash/files/bash-3.1-dev-fd-buffer-overflow.patch @@ -0,0 +1,16 @@ +https://bugs.gentoo.org/431850 + +this is a backport of the upstream bash42-033 patch for bash 3.1/3.0/2.05 + +--- a/test.c ++++ b/test.c +@@ -194,7 +194,8 @@ + trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx. + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +- char pbuf[32]; ++ static char *pbuf = 0; ++ pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); + return (stat (pbuf, finfo)); diff --git a/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch b/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch new file mode 100644 index 000000000000..bef960ab980c --- /dev/null +++ b/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch @@ -0,0 +1,46 @@ +https://bugs.gentoo.org/431850 + +this is a minor tweak to the upstream patch to also apply to bash 4.1/4.0/3.2 + + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-033 + +Bug-Reported-by: David Leverton <levertond@googlemail.com> +Bug-Reference-ID: <4FCCE737.1060603@googlemail.com> +Bug-Reference-URL: + +Bug-Description: + +Bash uses a static buffer when expanding the /dev/fd prefix for the test +and conditional commands, among other uses, when it should use a dynamic +buffer to avoid buffer overflow. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500 +--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400 +*************** +*** 83,86 **** +--- 83,88 ---- + struct stat *finfo; + { ++ static char *pbuf = 0; ++ + if (*path == '\0') + { +*************** +*** 107,111 **** + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +! char pbuf[32]; + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); +--- 109,113 ---- + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); |