summaryrefslogtreecommitdiff
path: root/patches/source/bash/bash-4.1-patches/bash41-016
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/bash/bash-4.1-patches/bash41-016')
-rw-r--r--patches/source/bash/bash-4.1-patches/bash41-01659
1 files changed, 59 insertions, 0 deletions
diff --git a/patches/source/bash/bash-4.1-patches/bash41-016 b/patches/source/bash/bash-4.1-patches/bash41-016
new file mode 100644
index 00000000..ff1ce9cd
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-016
@@ -0,0 +1,59 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.1
+Patch-ID: bash41-016
+
+Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized. This can result in an invalid memory access when the parsed
+function is later copied.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.15/make_cmd.c 2009-09-11 17:26:12.000000000 -0400
+--- make_cmd.c 2014-10-02 11:29:35.000000000 -0400
+***************
+*** 690,693 ****
+--- 690,694 ----
+ temp->redirector = source;
+ temp->redirectee = dest_and_filename;
++ temp->here_doc_eof = 0;
+ temp->instruction = instruction;
+ temp->flags = 0;
+*** ../bash-4.1.15/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
+--- copy_cmd.c 2014-10-02 11:29:35.000000000 -0400
+***************
+*** 127,131 ****
+ case r_reading_until:
+ case r_deblank_reading_until:
+! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+ /*FALLTHROUGH*/
+ case r_reading_string:
+--- 127,131 ----
+ case r_reading_until:
+ case r_deblank_reading_until:
+! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+ /*FALLTHROUGH*/
+ case r_reading_string:
+*** ../bash-4.1-patched/patchlevel.h 2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h 2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 15
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 16
+
+ #endif /* _PATCHLEVEL_H_ */