[ipfire-2.x.git] / src / patches / bash-3.2-CVE-2014-6271.patch

*** ../bash-3.2.51/builtins/common.h	2006-03-06 09:38:44.000000000 -0500
--- builtins/common.h	2014-09-16 19:08:02.000000000 -0400
***************
*** 34,37 ****
--- 34,39 ----
  
  /* Flags for describe_command, shared between type.def and command.def */
+ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
+ #define SEVAL_ONECMD	0x100		/* only allow a single command */
  #define CDESC_ALL		0x001	/* type -a */
  #define CDESC_SHORTDESC		0x002	/* command -V */
*** ../bash-3.2.51/builtins/evalstring.c	2008-11-15 17:47:04.000000000 -0500
--- builtins/evalstring.c	2014-09-16 19:08:02.000000000 -0400
***************
*** 235,238 ****
--- 235,246 ----
  	      struct fd_bitmap *bitmap;
  
+ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+ 		{
+ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
+ 		  should_jump_to_top_level = 0;
+ 		  last_result = last_command_exit_value = EX_BADUSAGE;
+ 		  break;
+ 		}
+ 
  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
  	      begin_unwind_frame ("pe_dispose");
***************
*** 292,295 ****
--- 300,306 ----
  	      dispose_fd_bitmap (bitmap);
  	      discard_unwind_frame ("pe_dispose");
+ 
+ 	      if (flags & SEVAL_ONECMD)
+ 		break;
  	    }
  	}
*** ../bash-3.2.51/variables.c	2008-11-15 17:15:06.000000000 -0500
--- variables.c	2014-09-16 19:10:39.000000000 -0400
***************
*** 319,328 ****
  	  strcpy (temp_string + char_index + 1, string);
  
! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
! 
! 	  /* Ancient backwards compatibility.  Old versions of bash exported
! 	     functions like name()=() {...} */
! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
! 	    name[char_index - 2] = '\0';
  
  	  if (temp_var = find_function (name))
--- 319,326 ----
  	  strcpy (temp_string + char_index + 1, string);
  
! 	  /* Don't import function names that are invalid identifiers from the
! 	     environment. */
! 	  if (legal_identifier (name))
! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
  
  	  if (temp_var = find_function (name))
***************
*** 333,340 ****
  	  else
  	    report_error (_("error importing function definition for `%s'"), name);
- 
- 	  /* ( */
- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
- 	    name[char_index - 2] = '(';		/* ) */
  	}
  #if defined (ARRAY_VARS)
--- 331,334 ----
Commit	Line	Data
6cda6f90 MT	1	*** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
	2	--- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
	3	***************
	4	* 34,37 **
	5	--- 34,39 ----
	6
	7	/* Flags for describe_command, shared between type.def and command.def */
	8	+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
	9	+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
	10	#define CDESC_ALL 0x001 /* type -a */
	11	#define CDESC_SHORTDESC 0x002 /* command -V */
	12	*** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
	13	--- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
	14	***************
	15	* 235,238 **
	16	--- 235,246 ----
	17	struct fd_bitmap *bitmap;
	18
	19	+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
	20	+ {
	21	+ internal_warning ("%s: ignoring function definition attempt", from_file);
	22	+ should_jump_to_top_level = 0;
	23	+ last_result = last_command_exit_value = EX_BADUSAGE;
	24	+ break;
	25	+ }
	26	+
	27	bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
	28	begin_unwind_frame ("pe_dispose");
	29	***************
	30	* 292,295 **
	31	--- 300,306 ----
	32	dispose_fd_bitmap (bitmap);
	33	discard_unwind_frame ("pe_dispose");
	34	+
	35	+ if (flags & SEVAL_ONECMD)
	36	+ break;
	37	}
	38	}
	39	*** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
	40	--- variables.c 2014-09-16 19:10:39.000000000 -0400
	41	***************
	42	* 319,328 **
	43	strcpy (temp_string + char_index + 1, string);
	44
	45	! parse_and_execute (temp_string, name, SEVAL_NONINT\|SEVAL_NOHIST);
	46	!
	47	! /* Ancient backwards compatibility. Old versions of bash exported
	48	! functions like name()=() {...} */
	49	! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
	50	! name[char_index - 2] = '\0';
	51
	52	if (temp_var = find_function (name))
	53	--- 319,326 ----
	54	strcpy (temp_string + char_index + 1, string);
	55
	56	! /* Don't import function names that are invalid identifiers from the
	57	! environment. */
	58	! if (legal_identifier (name))
	59	! parse_and_execute (temp_string, name, SEVAL_NONINT\|SEVAL_NOHIST\|SEVAL_FUNCDEF\|SEVAL_ONECMD);
	60
	61	if (temp_var = find_function (name))
	62	***************
	63	* 333,340 **
	64	else
65	report_error (_("error importing function definition for `%s'"), name);
66	-
67	- /* ( */
68	- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
69	- name[char_index - 2] = '('; /* ) */
70	}
71	#if defined (ARRAY_VARS)
72	--- 331,334 ----