File bash42-033-bnc770795.patch of Package bash.openSUSE_12.2_Update

Overview Repositories Revisions Requests Users Attributes Meta

File bash42-033-bnc770795.patch of Package bash.openSUSE_12.2_Update

BASH PATCH REPORT
			     =================

Bash-Release:	4.2
Patch-ID:	bash42-033

Bug-Reported-by:	David Leverton <levertond@googlemail.com>
Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
Bug-Reference-URL:

Bug-Description:

Bash uses a static buffer when expanding the /dev/fd prefix for the test
and conditional commands, among other uses, when it should use a dynamic
buffer to avoid buffer overflow.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/sh/eaccess.c	2011-01-08 20:50:10.000000000 -0500
--- lib/sh/eaccess.c	2012-06-04 21:06:43.000000000 -0400
***************
*** 83,86 ****
--- 83,88 ----
       struct stat *finfo;
  {
+   static char *pbuf = 0;
+ 
    if (*path == '\0')
      {
***************
*** 107,111 ****
       On most systems, with the notable exception of linux, this is
       effectively a no-op. */
!       char pbuf[32];
        strcpy (pbuf, DEV_FD_PREFIX);
        strcat (pbuf, path + 8);
--- 109,113 ----
       On most systems, with the notable exception of linux, this is
       effectively a no-op. */
!       pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
        strcpy (pbuf, DEV_FD_PREFIX);
        strcat (pbuf, path + 8);

Places

File bash42-033-bnc770795.patch of Package bash.openSUSE_12.2_Update

Places