LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1628 Commits
1 Branch
46 MiB
Tree: d6330508bc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd6330508bc'
${ noResults }
openwrt-packages-dist/utils/bash/patches/125-upstream-bash43-025.patch

110 lines
3.4 KiB
Raw Normal View History

bash: Update to 4.3.25 Fixes CVE-2014-6271. Signed-off-by: Marcel Denia <naoir@gmx.net>
10 years ago
 
  1. 			     BASH PATCH REPORT
  2. 			     =================
  3. 

  4. Bash-Release:	4.3
  5. Patch-ID:	bash43-025
  6. 

  7. Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
  8. Bug-Reference-ID:
  9. Bug-Reference-URL:
  10. 

  11. Bug-Description:
  12. 

  13. Under certain circumstances, bash will execute user code while processing the
  14. environment for exported function definitions.
  15. 

  16. Patch (apply with `patch -p0'):
  17. 

  18. --- a/builtins/common.h

  19. +++ b/builtins/common.h

  20. @@ -33,6 +33,8 @@

  21.  #define SEVAL_RESETLINE	0x010
  22.  #define SEVAL_PARSEONLY	0x020
  23.  #define SEVAL_NOLONGJMP 0x040
  24. +#define SEVAL_FUNCDEF	0x080		/* only allow function definitions */

  25. +#define SEVAL_ONECMD	0x100		/* only allow a single command */

  26.  
  27.  /* Flags for describe_command, shared between type.def and command.def */
  28.  #define CDESC_ALL		0x001	/* type -a */
  29. --- a/builtins/evalstring.c

  30. +++ b/builtins/evalstring.c

  31. @@ -308,6 +308,14 @@ parse_and_execute (string, from_file, fl

  32.  	    {
  33.  	      struct fd_bitmap *bitmap;
  34.  
  35. +	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)

  36. +		{

  37. +		  internal_warning ("%s: ignoring function definition attempt", from_file);

  38. +		  should_jump_to_top_level = 0;

  39. +		  last_result = last_command_exit_value = EX_BADUSAGE;

  40. +		  break;

  41. +		}

  42. +

  43.  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
  44.  	      begin_unwind_frame ("pe_dispose");
  45.  	      add_unwind_protect (dispose_fd_bitmap, bitmap);
  46. @@ -368,6 +376,9 @@ parse_and_execute (string, from_file, fl

  47.  	      dispose_command (command);
  48.  	      dispose_fd_bitmap (bitmap);
  49.  	      discard_unwind_frame ("pe_dispose");
  50. +

  51. +	      if (flags & SEVAL_ONECMD)

  52. +		break;

  53.  	    }
  54.  	}
  55.        else
  56. --- a/variables.c

  57. +++ b/variables.c

  58. @@ -358,13 +358,11 @@ initialize_shell_variables (env, privmod

  59.  	  temp_string[char_index] = ' ';
  60.  	  strcpy (temp_string + char_index + 1, string);
  61.  
  62. -	  if (posixly_correct == 0 || legal_identifier (name))

  63. -	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);

  64. -

  65. -	  /* Ancient backwards compatibility.  Old versions of bash exported

  66. -	     functions like name()=() {...} */

  67. -	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')

  68. -	    name[char_index - 2] = '\0';

  69. +	  /* Don't import function names that are invalid identifiers from the

  70. +	     environment, though we still allow them to be defined as shell

  71. +	     variables. */

  72. +	  if (legal_identifier (name))

  73. +	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);

  74.  
  75.  	  if (temp_var = find_function (name))
  76.  	    {
  77. @@ -381,10 +379,6 @@ initialize_shell_variables (env, privmod

  78.  	      last_command_exit_value = 1;
  79.  	      report_error (_("error importing function definition for `%s'"), name);
  80.  	    }
  81. -

  82. -	  /* ( */

  83. -	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')

  84. -	    name[char_index - 2] = '(';		/* ) */

  85.  	}
  86.  #if defined (ARRAY_VARS)
  87.  #  if ARRAY_EXPORT
  88. --- a/subst.c

  89. +++ b/subst.c

  90. @@ -8047,7 +8047,9 @@ comsub:

  91.  
  92.  	  goto return0;
  93.  	}
  94. -      else if (var = find_variable_last_nameref (temp1))

  95. +      else if (var && (invisible_p (var) || var_isset (var) == 0))

  96. +	temp = (char *)NULL;

  97. +      else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0)

  98.  	{
  99.  	  temp = nameref_cell (var);
  100.  #if defined (ARRAY_VARS)
  101. --- a/patchlevel.h

  102. +++ b/patchlevel.h

  103. @@ -25,6 +25,6 @@

  104.     regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
  105.     looks for to find the patch level (for the sccs version string). */
  106.  
  107. -#define PATCHLEVEL 24

  108. +#define PATCHLEVEL 25

  109.  
  110.  #endif /* _PATCHLEVEL_H_ */