churchyard / rpms / bash

Forked from rpms/bash 5 years ago
Clone
Source Code
GIT

Blame bash42-044

arg f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f7 f8 f9 master user_path_priority
  1.   f18
  2.   bash42-044
Blob History Raw
Roman Rakus f43bd3e 
			     BASH PATCH REPORT
Roman Rakus f43bd3e 
			     =================
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
Bash-Release:	4.2
Roman Rakus f43bd3e 
Patch-ID:	bash42-044
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
Bug-Reported-by:	"Dashing" <dashing@hushmail.com>
Roman Rakus f43bd3e 
Bug-Reference-ID:	<20130211175049.D90786F446@smtp.hushmail.com>
Roman Rakus f43bd3e 
Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00030.html
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
Bug-Description:
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
When converting a multibyte string to a wide character string as part of
Roman Rakus f43bd3e 
pattern matching, bash does not handle the end of the string correctly,
Roman Rakus f43bd3e 
causing the search for the NUL to go beyond the end of the string and
Roman Rakus f43bd3e 
reference random memory.  Depending on the contents of that memory, bash
Roman Rakus f43bd3e 
can produce errors or crash.
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
Patch (apply with `patch -p0'):
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c	2012-07-08 21:53:19.000000000 -0400
Roman Rakus f43bd3e 
--- lib/glob/xmbsrtowcs.c	2013-02-12 12:00:39.000000000 -0500
Roman Rakus f43bd3e 
***************
Roman Rakus f43bd3e 
*** 217,220 ****
Roman Rakus f43bd3e 
--- 217,226 ----
Roman Rakus f43bd3e 
        n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
+       if (n == 0 && p == 0)
Roman Rakus f43bd3e 
+ 	{
Roman Rakus f43bd3e 
+ 	  wsbuf[wcnum] = L'\0';
Roman Rakus f43bd3e 
+ 	  break;
Roman Rakus f43bd3e 
+ 	}
Roman Rakus f43bd3e 
+
Roman Rakus f43bd3e 
        /* Compensate for taking single byte on wcs conversion failure above. */
Roman Rakus f43bd3e 
        if (wcslength == 1 && (n == 0 || n == (size_t)-1))
Roman Rakus f43bd3e 
***************
Roman Rakus f43bd3e 
*** 222,226 ****
Roman Rakus f43bd3e 
  	  state = tmp_state;
Roman Rakus f43bd3e 
  	  p = tmp_p;
Roman Rakus f43bd3e 
! 	  wsbuf[wcnum++] = *p++;
Roman Rakus f43bd3e 
  	}
Roman Rakus f43bd3e 
        else
Roman Rakus f43bd3e 
--- 228,238 ----
Roman Rakus f43bd3e 
  	  state = tmp_state;
Roman Rakus f43bd3e 
  	  p = tmp_p;
Roman Rakus f43bd3e 
! 	  wsbuf[wcnum] = *p;
Roman Rakus f43bd3e 
! 	  if (*p == 0)
Roman Rakus f43bd3e 
! 	    break;
Roman Rakus f43bd3e 
! 	  else
Roman Rakus f43bd3e 
! 	    {
Roman Rakus f43bd3e 
! 	      wcnum++; p++;
Roman Rakus f43bd3e 
! 	    }
Roman Rakus f43bd3e 
  	}
Roman Rakus f43bd3e 
        else
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
Roman Rakus f43bd3e 
--- patchlevel.h	Thu Feb 24 21:41:34 2011
Roman Rakus f43bd3e 
***************
Roman Rakus f43bd3e 
*** 26,30 ****
Roman Rakus f43bd3e 
     looks for to find the patch level (for the sccs version string). */
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
! #define PATCHLEVEL 43
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
  #endif /* _PATCHLEVEL_H_ */
Roman Rakus f43bd3e 
--- 26,30 ----
Roman Rakus f43bd3e 
     looks for to find the patch level (for the sccs version string). */
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
! #define PATCHLEVEL 44
Roman Rakus f43bd3e
Roman Rakus f43bd3e 
  #endif /* _PATCHLEVEL_H_ */
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.