diff options
Diffstat (limited to 'meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch')
| -rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch new file mode 100644 index 0000000000..7226ffb665 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch | |||
| @@ -0,0 +1,77 @@ | |||
| 1 | Fix CVE-2014-6271, aka ShellShock. | ||
| 2 | |||
| 3 | Upstream-Status: Backport | ||
| 4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 5 | |||
| 6 | *** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500 | ||
| 7 | --- builtins/common.h 2014-09-16 19:08:02.000000000 -0400 | ||
| 8 | *************** | ||
| 9 | *** 34,37 **** | ||
| 10 | --- 34,39 ---- | ||
| 11 | |||
| 12 | /* Flags for describe_command, shared between type.def and command.def */ | ||
| 13 | + #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ | ||
| 14 | + #define SEVAL_ONECMD 0x100 /* only allow a single command */ | ||
| 15 | #define CDESC_ALL 0x001 /* type -a */ | ||
| 16 | #define CDESC_SHORTDESC 0x002 /* command -V */ | ||
| 17 | *** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500 | ||
| 18 | --- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400 | ||
| 19 | *************** | ||
| 20 | *** 235,238 **** | ||
| 21 | --- 235,246 ---- | ||
| 22 | struct fd_bitmap *bitmap; | ||
| 23 | |||
| 24 | + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) | ||
| 25 | + { | ||
| 26 | + internal_warning ("%s: ignoring function definition attempt", from_file); | ||
| 27 | + should_jump_to_top_level = 0; | ||
| 28 | + last_result = last_command_exit_value = EX_BADUSAGE; | ||
| 29 | + break; | ||
| 30 | + } | ||
| 31 | + | ||
| 32 | bitmap = new_fd_bitmap (FD_BITMAP_SIZE); | ||
| 33 | begin_unwind_frame ("pe_dispose"); | ||
| 34 | *************** | ||
| 35 | *** 292,295 **** | ||
| 36 | --- 300,306 ---- | ||
| 37 | dispose_fd_bitmap (bitmap); | ||
| 38 | discard_unwind_frame ("pe_dispose"); | ||
| 39 | + | ||
| 40 | + if (flags & SEVAL_ONECMD) | ||
| 41 | + break; | ||
| 42 | } | ||
| 43 | } | ||
| 44 | *** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500 | ||
| 45 | --- variables.c 2014-09-16 19:10:39.000000000 -0400 | ||
| 46 | *************** | ||
| 47 | *** 319,328 **** | ||
| 48 | strcpy (temp_string + char_index + 1, string); | ||
| 49 | |||
| 50 | ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); | ||
| 51 | ! | ||
| 52 | ! /* Ancient backwards compatibility. Old versions of bash exported | ||
| 53 | ! functions like name()=() {...} */ | ||
| 54 | ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') | ||
| 55 | ! name[char_index - 2] = '\0'; | ||
| 56 | |||
| 57 | if (temp_var = find_function (name)) | ||
| 58 | --- 319,326 ---- | ||
| 59 | strcpy (temp_string + char_index + 1, string); | ||
| 60 | |||
| 61 | ! /* Don't import function names that are invalid identifiers from the | ||
| 62 | ! environment. */ | ||
| 63 | ! if (legal_identifier (name)) | ||
| 64 | ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); | ||
| 65 | |||
| 66 | if (temp_var = find_function (name)) | ||
| 67 | *************** | ||
| 68 | *** 333,340 **** | ||
| 69 | else | ||
| 70 | report_error (_("error importing function definition for `%s'"), name); | ||
| 71 | - | ||
| 72 | - /* ( */ | ||
| 73 | - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') | ||
| 74 | - name[char_index - 2] = '('; /* ) */ | ||
| 75 | } | ||
| 76 | #if defined (ARRAY_VARS) | ||
| 77 | --- 331,334 ---- | ||