add patch from the Bash project fixing CVE-2012-3410

This commit is contained in:
spz 2012-07-18 15:43:09 +00:00
parent 4e145b5eb0
commit cda5763792
3 changed files with 41 additions and 3 deletions

View file

@ -1,10 +1,10 @@
# $NetBSD: Makefile,v 1.52 2011/04/22 13:44:39 obache Exp $ # $NetBSD: Makefile,v 1.53 2012/07/18 15:43:09 spz Exp $
BASH_VERSION= 4.2 BASH_VERSION= 4.2
DISTNAME= bash-${BASH_VERSION} DISTNAME= bash-${BASH_VERSION}
#PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} #PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL}
PKGREVISION= 1 PKGREVISION= 2
CATEGORIES= shells CATEGORIES= shells
MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \ MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \
ftp://ftp.cwru.edu/pub/bash/ ftp://ftp.cwru.edu/pub/bash/

View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.24 2011/03/22 04:45:31 obache Exp $ $NetBSD: distinfo,v 1.25 2012/07/18 15:43:10 spz Exp $
SHA1 (bash-4.2.tar.gz) = 487840ab7134eb7901fbb2e49b0ee3d22de15cb8 SHA1 (bash-4.2.tar.gz) = 487840ab7134eb7901fbb2e49b0ee3d22de15cb8
RMD160 (bash-4.2.tar.gz) = df7ae51783f039a1234d3b720ffcf4bfa5d09673 RMD160 (bash-4.2.tar.gz) = df7ae51783f039a1234d3b720ffcf4bfa5d09673
@ -8,3 +8,4 @@ SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48
SHA1 (patch-ai) = 26825922898567841bed0bf62a8dee3bcc50cd75 SHA1 (patch-ai) = 26825922898567841bed0bf62a8dee3bcc50cd75
SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e
SHA1 (patch-ak) = 6dfb7195f45f81064f687a4c9febb9dcae721aa7 SHA1 (patch-ak) = 6dfb7195f45f81064f687a4c9febb9dcae721aa7
SHA1 (patch-lib_sh_eaccess.c) = 484577f09efe67f604c3fb85afdb5a58b64f5b6c

View file

@ -0,0 +1,37 @@
$NetBSD: patch-lib_sh_eaccess.c,v 1.1 2012/07/18 15:43:12 spz Exp $
from ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
Bash-Release: 4.2
Patch-ID: bash42-033
Bug-Reported-by: David Leverton <levertond@googlemail.com>
Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
Bug-Reference-URL:
Bug-Description:
Bash uses a static buffer when expanding the /dev/fd prefix for the test
and conditional commands, among other uses, when it should use a dynamic
buffer to avoid buffer overflow.
--- lib/sh/eaccess.c.orig 2011-01-09 01:50:10.000000000 +0000
+++ lib/sh/eaccess.c
@@ -82,6 +82,8 @@ sh_stat (path, finfo)
const char *path;
struct stat *finfo;
{
+ static char *pbuf = 0;
+
if (*path == '\0')
{
errno = ENOENT;
@@ -106,7 +108,7 @@ sh_stat (path, finfo)
trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
On most systems, with the notable exception of linux, this is
effectively a no-op. */
- char pbuf[32];
+ pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
strcpy (pbuf, DEV_FD_PREFIX);
strcat (pbuf, path + 8);
return (stat (pbuf, finfo));