]>
Commit | Line | Data |
---|---|---|
474daba6 MT |
1 | BASH PATCH REPORT |
2 | ================= | |
3 | ||
4 | Bash-Release: 4.3 | |
5 | Patch-ID: bash43-029 | |
6 | ||
7 | Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> | |
8 | Bug-Reference-ID: | |
9 | Bug-Reference-URL: | |
10 | ||
11 | Bug-Description: | |
12 | ||
13 | When bash is parsing a function definition that contains a here-document | |
14 | delimited by end-of-file (or end-of-string), it leaves the closing delimiter | |
15 | uninitialized. This can result in an invalid memory access when the parsed | |
16 | function is later copied. | |
17 | ||
18 | Patch (apply with `patch -p0'): | |
19 | ||
20 | *** ../bash-4.3.28/make_cmd.c 2011-12-16 08:08:01.000000000 -0500 | |
21 | --- make_cmd.c 2014-10-02 11:24:23.000000000 -0400 | |
22 | *************** | |
23 | *** 693,696 **** | |
24 | --- 693,697 ---- | |
25 | temp->redirector = source; | |
26 | temp->redirectee = dest_and_filename; | |
27 | + temp->here_doc_eof = 0; | |
28 | temp->instruction = instruction; | |
29 | temp->flags = 0; | |
30 | *** ../bash-4.3.28/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 | |
31 | --- copy_cmd.c 2014-10-02 11:24:23.000000000 -0400 | |
32 | *************** | |
33 | *** 127,131 **** | |
34 | case r_reading_until: | |
35 | case r_deblank_reading_until: | |
36 | ! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); | |
37 | /*FALLTHROUGH*/ | |
38 | case r_reading_string: | |
39 | --- 127,131 ---- | |
40 | case r_reading_until: | |
41 | case r_deblank_reading_until: | |
42 | ! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; | |
43 | /*FALLTHROUGH*/ | |
44 | case r_reading_string: | |
45 | *** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 | |
46 | --- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 | |
47 | *************** | |
48 | *** 26,30 **** | |
49 | looks for to find the patch level (for the sccs version string). */ | |
50 | ||
51 | ! #define PATCHLEVEL 28 | |
52 | ||
53 | #endif /* _PATCHLEVEL_H_ */ | |
54 | --- 26,30 ---- | |
55 | looks for to find the patch level (for the sccs version string). */ | |
56 | ||
57 | ! #define PATCHLEVEL 29 | |
58 | ||
59 | #endif /* _PATCHLEVEL_H_ */ |