Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into vpn-statistic1
[ipfire-2.x.git] / src / patches / bash-3.2-CVE-2014-6271.patch
1 *** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
2 --- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
3 ***************
4 *** 34,37 ****
5 --- 34,39 ----
6
7 /* Flags for describe_command, shared between type.def and command.def */
8 + #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
9 + #define SEVAL_ONECMD 0x100 /* only allow a single command */
10 #define CDESC_ALL 0x001 /* type -a */
11 #define CDESC_SHORTDESC 0x002 /* command -V */
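Review bot: The two new `SEVAL_` defines are inserted directly under the comment `/* Flags for describe_command, shared between type.def and command.def */`, so that comment now reads as if it described them and is separated from the `CDESC_` flags it belongs to. Place the additions above that comment and give them their own header, for example `/* Flags for parse_and_execute () that restrict what a string may run */`. The existing `SEVAL_*` values are not visible in this hunk, so it is worth confirming that 0x080 and 0x100 do not collide with any of them, since the flags are OR-ed together at the call site in variables.c.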
12 *** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
13 --- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
14 ***************
15 *** 235,238 ****
16 --- 235,246 ----
17 struct fd_bitmap *bitmap;
18
19 + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
20 + {
21 + internal_warning ("%s: ignoring function definition attempt", from_file);
22 + should_jump_to_top_level = 0;
23 + last_result = last_command_exit_value = EX_BADUSAGE;
24 + break;
25 + }
26 +
27 bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
28 begin_unwind_frame ("pe_dispose");
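Review bot: The `internal_warning` text says "ignoring function definition attempt", but the branch is taken when `command->type != cm_function_def`, that is, when the string parsed to something other than a function definition. A message that says so gives anyone reading logs an accurate signal, for example `internal_warning ("%s: refusing to execute non-function code in imported definition", from_file);`. The string is also not wrapped in `_()` the way the `report_error` call in variables.c is, which looks inconsistent if the gettext macro is in scope in this file. The test runs on an already parsed command, so it gates execution only. Whether the parser's leftover input and state are cleared after the `break` cannot be seen here, because the enclosing loop starts and ends outside the hunk.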
29 ***************
30 *** 292,295 ****
31 --- 300,306 ----
32 dispose_fd_bitmap (bitmap);
33 discard_unwind_frame ("pe_dispose");
34 +
35 + if (flags & SEVAL_ONECMD)
36 + break;
37 }
38 }
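Review bot: The `SEVAL_ONECMD` test has no comment explaining why the loop must stop at this point, and the reason is the security property the flag exists for. Add something like `/* SEVAL_ONECMD: stop after the first command so any text following it in the string is never executed. */` above the `if`. The break sits after `discard_unwind_frame`, so it takes effect only once the first command has run. What happens to the unread remainder of the string on loop exit is outside this hunk and should be confirmed in the surrounding function.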
39 *** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
40 --- variables.c 2014-09-16 19:10:39.000000000 -0400
41 ***************
42 *** 319,328 ****
43 strcpy (temp_string + char_index + 1, string);
44
45 ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
46 !
47 ! /* Ancient backwards compatibility. Old versions of bash exported
48 ! functions like name()=() {...} */
49 ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
50 ! name[char_index - 2] = '\0';
51
52 if (temp_var = find_function (name))
53 --- 319,326 ----
54 strcpy (temp_string + char_index + 1, string);
55
56 ! /* Don't import function names that are invalid identifiers from the
57 ! environment. */
58 ! if (legal_identifier (name))
59 ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
60
61 if (temp_var = find_function (name))
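Review bot: When `legal_identifier (name)` fails, nothing is parsed, yet control still falls through to `find_function (name)` and then to the generic `error importing function definition` report visible in the next hunk. A name rejected here is therefore indistinguishable in the output from a body that failed to parse. The new comment also explains only the identifier check, not the two added flags; extend it with `/* The value comes from the environment: evaluate at most one command, and only if it is a function definition. */`. The unbraced `if` carrying a call this long is easy to misread, so bracing it would help. The enclosing block begins before the hunk and continues past it.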
62 ***************
63 *** 333,340 ****
64 else
65 report_error (_("error importing function definition for `%s'"), name);
66 -
67 - /* ( */
68 - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
69 - name[char_index - 2] = '('; /* ) */
70 }
71 #if defined (ARRAY_VARS)
72 --- 331,334 ----