components/bash/patches/funcdef-import-4.1-CVE-2014-6271.patch
branchs11-update
changeset 3330 bed1d2a86c86
3324:a725bbd5dea1 3330:bed1d2a86c86
       
     1 # Patch is from the bash project.
       
     2 # It is currently embargo'ed (as of 2014-02-23).
       
     3 # It will become an official bash patch once the embargo is lifted.
       
     4 *** ../bash-4.1.11/builtins/common.h	2009-12-22 16:30:42.000000000 -0500
       
     5 --- builtins/common.h	2014-09-16 19:27:38.000000000 -0400
       
     6 ***************
       
     7 *** 36,39 ****
       
     8 --- 36,41 ----
       
     9   
       
    10   /* Flags for describe_command, shared between type.def and command.def */
       
    11 + #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
       
    12 + #define SEVAL_ONECMD	0x100		/* only allow a single command */
       
    13   #define CDESC_ALL		0x001	/* type -a */
       
    14   #define CDESC_SHORTDESC		0x002	/* command -V */
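Review bot: The two new `SEVAL_*` defines sit directly under the existing comment `/* Flags for describe_command, shared between type.def and command.def */`, so that comment now reads as if it described them rather than the `CDESC_*` values that follow. They are flags for `parse_and_execute` (the variables.c hunk passes them there), and anyone auditing which callers may set `SEVAL_FUNCDEF` will look for them beside the other `SEVAL_*` definitions, which are outside this hunk. I would move the two lines above the comment, or give them their own header such as `/* Flags for parse_and_execute () that restrict what an imported string may contain */`. Because the existing `SEVAL_*` values are not visible here, it is also worth confirming that 0x080 and 0x100 are not already taken.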
       
    15 *** ../bash-4.1.11/builtins/evalstring.c	2009-10-17 21:18:50.000000000 -0400
       
    16 --- builtins/evalstring.c	2014-09-16 19:27:38.000000000 -0400
       
    17 ***************
       
    18 *** 262,265 ****
       
    19 --- 262,273 ----
       
    20   	      struct fd_bitmap *bitmap;
       
    21   
       
    22 + 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
       
    23 + 		{
       
    24 + 		  internal_warning ("%s: ignoring function definition attempt", from_file);
       
    25 + 		  should_jump_to_top_level = 0;
       
    26 + 		  last_result = last_command_exit_value = EX_BADUSAGE;
       
    27 + 		  break;
       
    28 + 		}
       
    29 + 
       
    30   	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
       
    31   	      begin_unwind_frame ("pe_dispose");
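Review bot: The rejection branch added ahead of `new_fd_bitmap` exits with a bare `break` and does not reset the parser. The string it has just refused came from the environment and has already been parsed by the time `command->type` is inspected. If any parser state survives that exit, it would carry over into whatever the shell parses next; the parse call and the loop's cleanup are outside this hunk, so I cannot confirm either way. I would call `reset_parser ();` immediately before the `break;` so a rejected import leaves nothing behind. The warning string is also not wrapped in `_()`, unlike the `report_error` message in the variables.c part of this patch.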
       
    32 ***************
       
    33 *** 322,325 ****
       
    34 --- 330,336 ----
       
    35   	      dispose_fd_bitmap (bitmap);
       
    36   	      discard_unwind_frame ("pe_dispose");
       
    37 + 
       
    38 + 	      if (flags & SEVAL_ONECMD)
       
    39 + 		break;
       
    40   	    }
       
    41   	}
       
    42 *** ../bash-4.1.11/variables.c	2010-03-26 12:15:39.000000000 -0400
       
    43 --- variables.c	2014-09-16 19:27:38.000000000 -0400
       
    44 ***************
       
    45 *** 348,357 ****
       
    46   	  strcpy (temp_string + char_index + 1, string);
       
    47   
       
    48 ! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
       
    49 ! 
       
    50 ! 	  /* Ancient backwards compatibility.  Old versions of bash exported
       
    51 ! 	     functions like name()=() {...} */
       
    52 ! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
       
    53 ! 	    name[char_index - 2] = '\0';
       
    54   
       
    55   	  if (temp_var = find_function (name))
       
    56 --- 348,355 ----
       
    57   	  strcpy (temp_string + char_index + 1, string);
       
    58   
       
    59 ! 	  /* Don't import function names that are invalid identifiers from the
       
    60 ! 	     environment. */
       
    61 ! 	  if (legal_identifier (name))
       
    62 ! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
       
    63   
       
    64   	  if (temp_var = find_function (name))
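Review bot: When `legal_identifier (name)` fails, `parse_and_execute` is skipped and `temp_string`, filled by the `strcpy` on the line above, is never released on that path. This matters only if the buffer is heap-allocated and normally freed inside `parse_and_execute`; its allocation and that function's body are outside this hunk. In that case every rejected name leaks one buffer whose contents were taken from the environment. Adding `else free (temp_string);	/* parse_and_execute would have freed it */` after the call would close that path. The enclosing block starts before and ends after the hunk.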
       
    65 ***************
       
    66 *** 362,369 ****
       
    67   	  else
       
    68   	    report_error (_("error importing function definition for `%s'"), name);
       
    69 - 
       
    70 - 	  /* ( */
       
    71 - 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
       
    72 - 	    name[char_index - 2] = '(';		/* ) */
       
    73   	}
       
    74   #if defined (ARRAY_VARS)
       
    75 --- 360,363 ----
       
    76