add patch from the Bash project fixing CVE-2012-3410
This commit is contained in:
spz
parent
4e145b5eb0
commit
cda5763792
3 changed files with 41 additions and 3 deletions
|
|
@ -1,10 +1,10 @@
|
|||
# $NetBSD: Makefile,v 1.52 2011/04/22 13:44:39 obache Exp $
|
||||
# $NetBSD: Makefile,v 1.53 2012/07/18 15:43:09 spz Exp $
|
||||
|
||||
BASH_VERSION= 4.2
|
||||
|
||||
DISTNAME= bash-${BASH_VERSION}
|
||||
#PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL}
|
||||
PKGREVISION= 1
|
||||
PKGREVISION= 2
|
||||
CATEGORIES= shells
|
||||
MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \
|
||||
ftp://ftp.cwru.edu/pub/bash/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.24 2011/03/22 04:45:31 obache Exp $
|
||||
$NetBSD: distinfo,v 1.25 2012/07/18 15:43:10 spz Exp $
|
||||
|
||||
SHA1 (bash-4.2.tar.gz) = 487840ab7134eb7901fbb2e49b0ee3d22de15cb8
|
||||
RMD160 (bash-4.2.tar.gz) = df7ae51783f039a1234d3b720ffcf4bfa5d09673
|
||||
|
|
@ -8,3 +8,4 @@ SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48
|
|||
SHA1 (patch-ai) = 26825922898567841bed0bf62a8dee3bcc50cd75
|
||||
SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e
|
||||
SHA1 (patch-ak) = 6dfb7195f45f81064f687a4c9febb9dcae721aa7
|
||||
SHA1 (patch-lib_sh_eaccess.c) = 484577f09efe67f604c3fb85afdb5a58b64f5b6c
|
||||
|
|
|
|||
37
shells/bash/patches/patch-lib_sh_eaccess.c
Normal file
37
shells/bash/patches/patch-lib_sh_eaccess.c
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
$NetBSD: patch-lib_sh_eaccess.c,v 1.1 2012/07/18 15:43:12 spz Exp $
|
||||
|
||||
from ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
|
||||
|
||||
Bash-Release: 4.2
|
||||
Patch-ID: bash42-033
|
||||
|
||||
Bug-Reported-by: David Leverton <levertond@googlemail.com>
|
||||
Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
|
||||
Bug-Reference-URL:
|
||||
|
||||
Bug-Description:
|
||||
|
||||
Bash uses a static buffer when expanding the /dev/fd prefix for the test
|
||||
and conditional commands, among other uses, when it should use a dynamic
|
||||
buffer to avoid buffer overflow.
|
||||
|
||||
--- lib/sh/eaccess.c.orig 2011-01-09 01:50:10.000000000 +0000
|
||||
+++ lib/sh/eaccess.c
|
||||
@@ -82,6 +82,8 @@ sh_stat (path, finfo)
|
||||
const char *path;
|
||||
struct stat *finfo;
|
||||
{
|
||||
+ static char *pbuf = 0;
|
||||
+
|
||||
if (*path == '\0')
|
||||
{
|
||||
errno = ENOENT;
|
||||
@@ -106,7 +108,7 @@ sh_stat (path, finfo)
|
||||
trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
|
||||
On most systems, with the notable exception of linux, this is
|
||||
effectively a no-op. */
|
||||
- char pbuf[32];
|
||||
+ pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
|
||||
strcpy (pbuf, DEV_FD_PREFIX);
|
||||
strcat (pbuf, path + 8);
|
||||
return (stat (pbuf, finfo));
|
||||
Loading…
Reference in a new issue