Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/bash/patches/solaris-019.eaccess.c.patch
author Stefan Teleman <stefan.teleman@oracle.com>
Thu, 13 Dec 2012 15:52:21 -0800
changeset 1082 6d49548fa9da
child 5518 c47fe0edc204
permissions -rw-r--r--
15754923 SUNBT7111705 Upgrade bash to 4.2

--- lib/sh/eaccess.c	2012-10-09 12:45:17.924274300 -0700
+++ lib/sh/eaccess.c	2012-10-09 12:44:21.930979200 -0700
@@ -40,6 +40,10 @@
 #if !defined (_POSIX_VERSION) && defined (HAVE_SYS_FILE_H)
 #  include <sys/file.h>
 #endif /* !_POSIX_VERSION */
+
+#include <string.h> /* memset(3C) */
+#include <limits.h> /* _XOPEN_PATH_MAX */
+
 #include "posixstat.h"
 #include "filecntl.h"
 
@@ -82,7 +86,7 @@
      const char *path;
      struct stat *finfo;
 {
-  static char *pbuf = 0;
+  static char pbuf[_XOPEN_PATH_MAX + 1];
 
   if (*path == '\0')
     {
@@ -108,9 +112,11 @@
      trailing slash.  Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
      On most systems, with the notable exception of linux, this is
      effectively a no-op. */
-      pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+  /* The way CVE-2012-3410 was fixed is wrong */
+      (void) memset (pbuf, '\0', sizeof(pbuf));
       strcpy (pbuf, DEV_FD_PREFIX);
-      strcat (pbuf, path + 8);
+      strncat (pbuf, path + 8,
+          (size_t) (sizeof(pbuf) - sizeof(DEV_FD_PREFIX)));
       return (stat (pbuf, finfo));
 #endif /* !HAVE_DEV_FD */
     }
upstream/oracle/userland-gate