Close of build 04.
#
# Backported to bash 4.1 from:
# http://lists.gnu.org/archive/html/bug-bash/2012-07/msg00027.html
# Also see:
# https://bugzilla.redhat.com/show_bug.cgi?id=840091
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
#
--- lib/sh/eaccess.c 2008-08-12 08:50:01.000000000 -0700
+++ lib/sh/eaccess.c 2012-07-24 09:39:37.970186946 -0700
@@ -40,6 +40,10 @@
#if !defined (_POSIX_VERSION) && defined (HAVE_SYS_FILE_H)
# include <sys/file.h>
#endif /* !_POSIX_VERSION */
+
+#include <string.h> /* memset(3C) */
+#include <limits.h> /* _XOPEN_PATH_MAX */
+
#include "posixstat.h"
#include "filecntl.h"
@@ -82,6 +86,8 @@
const char *path;
struct stat *finfo;
{
+ static char pbuf[_XOPEN_PATH_MAX + 1];
+
if (*path == '\0')
{
errno = ENOENT;
@@ -106,9 +112,10 @@
trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
On most systems, with the notable exception of linux, this is
effectively a no-op. */
- char pbuf[32];
+ (void) memset (pbuf, '\0', sizeof(pbuf));
strcpy (pbuf, DEV_FD_PREFIX);
- strcat (pbuf, path + 8);
+ strncat (pbuf, path + 8,
+ (size_t) (sizeof(pbuf) - sizeof(DEV_FD_PREFIX)));
return (stat (pbuf, finfo));
#endif /* !HAVE_DEV_FD */
}