author | Stefan Teleman <stefan.teleman@oracle.com> |
Fri, 26 Sep 2014 07:28:47 -0700 | |
changeset 2115 | 7a21d361e274 |
permissions | -rw-r--r-- |
19690348 problem in UTILITY/BASH
1 |
# Patch Origin: http://www.openwall.com/lists/oss-security/2014/09/26/2 |
2 |
# Patch is from Red Hat Security. |
3 |
# Assigned CVE-2014-7186 and CVE-2014-7187 |
4 |
# CVSS Score: 4.6 |
5 |
--- ../bash-4.2-orig/parse.y 2014-09-25 13:07:59.218209276 +0200 |
6 |
+++ parse.y 2014-09-25 15:26:52.813159810 +0200 |
7 |
@@ -264,9 +264,21 @@ |
8 |
|
9 |
/* Variables to manage the task of reading here documents, because we need to |
10 |
defer the reading until after a complete command has been collected. */ |
11 |
-static REDIRECT *redir_stack[10]; |
12 |
+static REDIRECT **redir_stack; |
13 |
int need_here_doc; |
14 |
|
15 |
+/* Pushes REDIR onto redir_stack, resizing it as needed. */ |
16 |
+static void |
17 |
+push_redir_stack (REDIRECT *redir) |
18 |
+{ |
19 |
+ /* Guard against oveflow. */ |
20 |
+ if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack)) |
21 |
+ abort (); |
22 |
+ redir_stack = xrealloc (redir_stack, |
23 |
+ (need_here_doc + 1) * sizeof (*redir_stack)); |
24 |
+ redir_stack[need_here_doc++] = redir; |
25 |
+} |
26 |
+ |
27 |
/* Where shell input comes from. History expansion is performed on each |
28 |
line when the shell is interactive. */ |
29 |
static char *shell_input_line = (char *)NULL; |
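Review bot: The overflow guard in push_redir_stack compares `need_here_doc + 1`, an int, with `INT_MAX / sizeof (*redir_stack)`, which has type size_t, so the left side is converted to unsigned before the comparison; that is harmless while need_here_doc is non-negative, but an explicit cast would state the intent, `if ((size_t)need_here_doc + 1 > INT_MAX / sizeof (*redir_stack))`. Hitting the guard calls abort() with no diagnostic, so input with an extreme number of here-documents terminates the shell rather than producing a parse error; a comment saying this is deliberate would help the next maintainer. The new comment has a typo and should read `/* Guard against overflow. */`. INT_MAX needs <limits.h>, and its inclusion is not visible in this hunk.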
30 |
@@ -519,42 +531,42 @@ |
31 |
source.dest = 0; |
32 |
redir.filename = $2; |
33 |
$$ = make_redirection (source, r_reading_until, redir, 0); |
34 |
- redir_stack[need_here_doc++] = $$; |
35 |
+ push_redir_stack ($$); |
36 |
} |
37 |
| NUMBER LESS_LESS WORD |
38 |
{ |
39 |
source.dest = $1; |
40 |
redir.filename = $3; |
41 |
$$ = make_redirection (source, r_reading_until, redir, 0); |
42 |
- redir_stack[need_here_doc++] = $$; |
43 |
+ push_redir_stack ($$); |
44 |
} |
45 |
| REDIR_WORD LESS_LESS WORD |
46 |
{ |
47 |
source.filename = $1; |
48 |
redir.filename = $3; |
49 |
$$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN); |
50 |
- redir_stack[need_here_doc++] = $$; |
51 |
+ push_redir_stack ($$); |
52 |
} |
53 |
| LESS_LESS_MINUS WORD |
54 |
{ |
55 |
source.dest = 0; |
56 |
redir.filename = $2; |
57 |
$$ = make_redirection (source, r_deblank_reading_until, redir, 0); |
58 |
- redir_stack[need_here_doc++] = $$; |
59 |
+ push_redir_stack ($$); |
60 |
} |
61 |
| NUMBER LESS_LESS_MINUS WORD |
62 |
{ |
63 |
source.dest = $1; |
64 |
redir.filename = $3; |
65 |
$$ = make_redirection (source, r_deblank_reading_until, redir, 0); |
66 |
- redir_stack[need_here_doc++] = $$; |
67 |
+ push_redir_stack ($$); |
68 |
} |
69 |
| REDIR_WORD LESS_LESS_MINUS WORD |
70 |
{ |
71 |
source.filename = $1; |
72 |
redir.filename = $3; |
73 |
$$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN); |
74 |
- redir_stack[need_here_doc++] = $$; |
75 |
+ push_redir_stack ($$); |
76 |
} |
77 |
| LESS_LESS_LESS WORD |
78 |
{ |
79 |
@@ -4757,7 +4769,7 @@ |
80 |
case CASE: |
81 |
case SELECT: |
82 |
case FOR: |
83 |
- if (word_top < MAX_CASE_NEST) |
84 |
+ if (word_top + 1 < MAX_CASE_NEST) |
85 |
word_top++; |
86 |
word_lineno[word_top] = line_number; |
87 |
break; |
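Review bot: The store `word_lineno[word_top] = line_number;` is not governed by the changed `if` (no braces appear in the hunk), so once nesting reaches the cap it still runs and overwrites the top slot instead of being skipped. With the new condition the highest index written is MAX_CASE_NEST - 1, which is in bounds only if word_lineno is declared with at least MAX_CASE_NEST elements; that declaration is outside the hunk and should be confirmed. A comment above the test would record both facts, e.g. `/* word_top stops at MAX_CASE_NEST - 1; deeper nesting reuses the top slot */`. The enclosing switch starts and ends outside the hunk.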
88 |
|
89 |
|
90 |