diff options
Diffstat (limited to 'meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch')
-rw-r--r-- | meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch new file mode 100644 index 0000000000..83b40027cf --- /dev/null +++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | bash: Fix CVE-2014-6277 (shellshock) | ||
2 | |||
3 | Upstream-status: backport | ||
4 | |||
5 | Downloaded from: | ||
6 | ftp://ftp.gnu.org/pub/bash/bash-4.3-patches/bash43-029 | ||
7 | |||
8 | Author: Chet Ramey <chet.ramey@case.edu> | ||
9 | Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com> | ||
10 | |||
11 | BASH PATCH REPORT | ||
12 | ================= | ||
13 | |||
14 | Bash-Release: 4.3 | ||
15 | Patch-ID: bash43-029 | ||
16 | |||
17 | Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> | ||
18 | Bug-Reference-ID: | ||
19 | Bug-Reference-URL: | ||
20 | |||
21 | Bug-Description: | ||
22 | |||
23 | When bash is parsing a function definition that contains a here-document | ||
24 | delimited by end-of-file (or end-of-string), it leaves the closing delimiter | ||
25 | uninitialized. This can result in an invalid memory access when the parsed | ||
26 | function is later copied. | ||
27 | --- | ||
28 | --- a/make_cmd.c 2011-12-16 08:08:01.000000000 -0500 | ||
29 | +++ b/make_cmd.c 2014-10-02 11:24:23.000000000 -0400 | ||
30 | @@ -693,4 +693,5 @@ | ||
31 | temp->redirector = source; | ||
32 | temp->redirectee = dest_and_filename; | ||
33 | + temp->here_doc_eof = 0; | ||
34 | temp->instruction = instruction; | ||
35 | temp->flags = 0; | ||
36 | --- a/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 | ||
37 | +++ b/copy_cmd.c 2014-10-02 11:24:23.000000000 -0400 | ||
38 | @@ -127,5 +127,5 @@ | ||
39 | case r_reading_until: | ||
40 | case r_deblank_reading_until: | ||
41 | - new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); | ||
42 | + new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; | ||
43 | /*FALLTHROUGH*/ | ||
44 | case r_reading_string: | ||