equal
deleted
inserted
replaced
|
1 BASH PATCH REPORT |
|
2 ================= |
|
3 |
|
4 Bash-Release: 4.4 |
|
5 Patch-ID: bash44-003 |
|
6 |
|
7 Bug-Reported-by: op7ic \x00 <[email protected]> |
|
8 Bug-Reference-ID: <CAFHyJTopWC5Jx+U7WcvxSZKu+KrqSf+_3sHPiRWo=VzXSiPq=w@mail.gmail.com> |
|
9 Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00005.html |
|
10 |
|
11 Bug-Description: |
|
12 |
|
13 Specially-crafted input, in this case an incomplete pathname expansion |
|
14 bracket expression containing an invalid collating symbol, can cause the |
|
15 shell to crash. |
|
16 |
|
17 Patch (apply with `patch -p0'): |
|
18 |
|
19 *** ../bash-4.4/lib/glob/sm_loop.c 2016-04-10 11:23:21.000000000 -0400 |
|
20 --- lib/glob/sm_loop.c 2016-11-02 14:03:34.000000000 -0400 |
|
21 *************** |
|
22 *** 331,334 **** |
|
23 --- 331,340 ---- |
|
24 if (p[pc] == L('.') && p[pc+1] == L(']')) |
|
25 break; |
|
26 + if (p[pc] == 0) |
|
27 + { |
|
28 + if (vp) |
|
29 + *vp = INVALID; |
|
30 + return (p + pc); |
|
31 + } |
|
32 val = COLLSYM (p, pc); |
|
33 if (vp) |
|
34 *************** |
|
35 *** 484,487 **** |
|
36 --- 490,496 ---- |
|
37 c = FOLD (c); |
|
38 |
|
39 + if (c == L('\0')) |
|
40 + return ((test == L('[')) ? savep : (CHAR *)0); |
|
41 + |
|
42 if ((flags & FNM_PATHNAME) && c == L('/')) |
|
43 /* [/] can never match when matching a pathname. */ |
|
44 *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 |
|
45 --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 |
|
46 *************** |
|
47 *** 26,30 **** |
|
48 looks for to find the patch level (for the sccs version string). */ |
|
49 |
|
50 ! #define PATCHLEVEL 2 |
|
51 |
|
52 #endif /* _PATCHLEVEL_H_ */ |
|
53 --- 26,30 ---- |
|
54 looks for to find the patch level (for the sccs version string). */ |
|
55 |
|
56 ! #define PATCHLEVEL 3 |
|
57 |
|
58 #endif /* _PATCHLEVEL_H_ */ |