Blame SOURCES/bash42-033

ff19ae
			     BASH PATCH REPORT
ff19ae
			     =================
ff19ae
ff19ae
Bash-Release:	4.2
ff19ae
Patch-ID:	bash42-033
ff19ae
ff19ae
Bug-Reported-by:	David Leverton <levertond@googlemail.com>
ff19ae
Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
ff19ae
Bug-Reference-URL:
ff19ae
ff19ae
Bug-Description:
ff19ae
ff19ae
Bash uses a static buffer when expanding the /dev/fd prefix for the test
ff19ae
and conditional commands, among other uses, when it should use a dynamic
ff19ae
buffer to avoid buffer overflow.
ff19ae
ff19ae
Patch (apply with `patch -p0'):
ff19ae
ff19ae
*** ../bash-4.2-patched/lib/sh/eaccess.c	2011-01-08 20:50:10.000000000 -0500
ff19ae
--- lib/sh/eaccess.c	2012-06-04 21:06:43.000000000 -0400
ff19ae
***************
ff19ae
*** 83,86 ****
ff19ae
--- 83,88 ----
ff19ae
       struct stat *finfo;
ff19ae
  {
ff19ae
+   static char *pbuf = 0;
ff19ae
+ 
ff19ae
    if (*path == '\0')
ff19ae
      {
ff19ae
***************
ff19ae
*** 107,111 ****
ff19ae
       On most systems, with the notable exception of linux, this is
ff19ae
       effectively a no-op. */
ff19ae
!       char pbuf[32];
ff19ae
        strcpy (pbuf, DEV_FD_PREFIX);
ff19ae
        strcat (pbuf, path + 8);
ff19ae
--- 109,113 ----
ff19ae
       On most systems, with the notable exception of linux, this is
ff19ae
       effectively a no-op. */
ff19ae
!       pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
ff19ae
        strcpy (pbuf, DEV_FD_PREFIX);
ff19ae
        strcat (pbuf, path + 8);
ff19ae
*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
ff19ae
--- patchlevel.h	Thu Feb 24 21:41:34 2011
ff19ae
***************
ff19ae
*** 26,30 ****
ff19ae
     looks for to find the patch level (for the sccs version string). */
ff19ae
  
ff19ae
! #define PATCHLEVEL 32
ff19ae
  
ff19ae
  #endif /* _PATCHLEVEL_H_ */
ff19ae
--- 26,30 ----
ff19ae
     looks for to find the patch level (for the sccs version string). */
ff19ae
  
ff19ae
! #define PATCHLEVEL 33
ff19ae
  
ff19ae
  #endif /* _PATCHLEVEL_H_ */