summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch')
-rw-r--r--meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch77
1 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
new file mode 100644
index 0000000000..7226ffb665
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6271.patch
@@ -0,0 +1,77 @@
1Fix CVE-2014-6271, aka ShellShock.
2
3Upstream-Status: Backport
4Signed-off-by: Ross Burton <ross.burton@intel.com>
5
6*** ../bash-3.2.51/builtins/common.h 2006-03-06 09:38:44.000000000 -0500
7--- builtins/common.h 2014-09-16 19:08:02.000000000 -0400
8***************
9*** 34,37 ****
10--- 34,39 ----
11
12 /* Flags for describe_command, shared between type.def and command.def */
13+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
14+ #define SEVAL_ONECMD 0x100 /* only allow a single command */
15 #define CDESC_ALL 0x001 /* type -a */
16 #define CDESC_SHORTDESC 0x002 /* command -V */
17*** ../bash-3.2.51/builtins/evalstring.c 2008-11-15 17:47:04.000000000 -0500
18--- builtins/evalstring.c 2014-09-16 19:08:02.000000000 -0400
19***************
20*** 235,238 ****
21--- 235,246 ----
22 struct fd_bitmap *bitmap;
23
24+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
25+ {
26+ internal_warning ("%s: ignoring function definition attempt", from_file);
27+ should_jump_to_top_level = 0;
28+ last_result = last_command_exit_value = EX_BADUSAGE;
29+ break;
30+ }
31+
32 bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
33 begin_unwind_frame ("pe_dispose");
34***************
35*** 292,295 ****
36--- 300,306 ----
37 dispose_fd_bitmap (bitmap);
38 discard_unwind_frame ("pe_dispose");
39+
40+ if (flags & SEVAL_ONECMD)
41+ break;
42 }
43 }
44*** ../bash-3.2.51/variables.c 2008-11-15 17:15:06.000000000 -0500
45--- variables.c 2014-09-16 19:10:39.000000000 -0400
46***************
47*** 319,328 ****
48 strcpy (temp_string + char_index + 1, string);
49
50! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
51!
52! /* Ancient backwards compatibility. Old versions of bash exported
53! functions like name()=() {...} */
54! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
55! name[char_index - 2] = '\0';
56
57 if (temp_var = find_function (name))
58--- 319,326 ----
59 strcpy (temp_string + char_index + 1, string);
60
61! /* Don't import function names that are invalid identifiers from the
62! environment. */
63! if (legal_identifier (name))
64! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
65
66 if (temp_var = find_function (name))
67***************
68*** 333,340 ****
69 else
70 report_error (_("error importing function definition for `%s'"), name);
71-
72- /* ( */
73- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
74- name[char_index - 2] = '('; /* ) */
75 }
76 #if defined (ARRAY_VARS)
77--- 331,334 ----