diff options
Diffstat (limited to 'source/a/bash/bash-4.2-patches/bash42-044')
| -rw-r--r-- | source/a/bash/bash-4.2-patches/bash42-044 | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/source/a/bash/bash-4.2-patches/bash42-044 b/source/a/bash/bash-4.2-patches/bash42-044 new file mode 100644 index 00000000..e5bf2832 --- /dev/null +++ b/source/a/bash/bash-4.2-patches/bash42-044 @@ -0,0 +1,70 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.2 +Patch-ID: bash42-044 + +Bug-Reported-by: "Dashing" <dashing@hushmail.com> +Bug-Reference-ID: <20130211175049.D90786F446@smtp.hushmail.com> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00030.html + +Bug-Description: + +When converting a multibyte string to a wide character string as part of +pattern matching, bash does not handle the end of the string correctly, +causing the search for the NUL to go beyond the end of the string and +reference random memory. Depending on the contents of that memory, bash +can produce errors or crash. + +Patch (apply with `patch -p0'): + +*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c 2012-07-08 21:53:19.000000000 -0400 +--- lib/glob/xmbsrtowcs.c 2013-02-12 12:00:39.000000000 -0500 +*************** +*** 217,220 **** +--- 217,226 ---- + n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state); + ++ if (n == 0 && p == 0) ++ { ++ wsbuf[wcnum] = L'\0'; ++ break; ++ } ++ + /* Compensate for taking single byte on wcs conversion failure above. */ + if (wcslength == 1 && (n == 0 || n == (size_t)-1)) +*************** +*** 222,226 **** + state = tmp_state; + p = tmp_p; +! wsbuf[wcnum++] = *p++; + } + else +--- 228,238 ---- + state = tmp_state; + p = tmp_p; +! wsbuf[wcnum] = *p; +! if (*p == 0) +! break; +! else +! { +! wcnum++; p++; +! } + } + else + +*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 +--- patchlevel.h Thu Feb 24 21:41:34 2011 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 43 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 44 + + #endif /* _PATCHLEVEL_H_ */ |