# HG changeset patch # User Stefan Teleman # Date 1411595059 25200 # Node ID 4af2ab639479a9e6bbfb4403275bfe9ea374bd9d # Parent aaa4446345504264e6993d882be8877ec9bd9f4c 19678459 problem in UTILITY/BASH diff -r aaa444634550 -r 4af2ab639479 components/bash/patches/funcdef-import-4.1-CVE-2014-6271.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/bash/patches/funcdef-import-4.1-CVE-2014-6271.patch Wed Sep 24 14:44:19 2014 -0700 @@ -0,0 +1,76 @@ +# Patch is from the bash project. +# It is currently embargo'ed (as of 2014-02-23). +# It will become an official bash patch once the embargo is lifted. +*** ../bash-4.1.11/builtins/common.h 2009-12-22 16:30:42.000000000 -0500 +--- builtins/common.h 2014-09-16 19:27:38.000000000 -0400 +*************** +*** 36,39 **** +--- 36,41 ---- + + /* Flags for describe_command, shared between type.def and command.def */ ++ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ ++ #define SEVAL_ONECMD 0x100 /* only allow a single command */ + #define CDESC_ALL 0x001 /* type -a */ + #define CDESC_SHORTDESC 0x002 /* command -V */ +*** ../bash-4.1.11/builtins/evalstring.c 2009-10-17 21:18:50.000000000 -0400 +--- builtins/evalstring.c 2014-09-16 19:27:38.000000000 -0400 +*************** +*** 262,265 **** +--- 262,273 ---- + struct fd_bitmap *bitmap; + ++ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) ++ { ++ internal_warning ("%s: ignoring function definition attempt", from_file); ++ should_jump_to_top_level = 0; ++ last_result = last_command_exit_value = EX_BADUSAGE; ++ break; ++ } ++ + bitmap = new_fd_bitmap (FD_BITMAP_SIZE); + begin_unwind_frame ("pe_dispose"); +*************** +*** 322,325 **** +--- 330,336 ---- + dispose_fd_bitmap (bitmap); + discard_unwind_frame ("pe_dispose"); ++ ++ if (flags & SEVAL_ONECMD) ++ break; + } + } +*** ../bash-4.1.11/variables.c 2010-03-26 12:15:39.000000000 -0400 +--- variables.c 2014-09-16 19:27:38.000000000 -0400 +*************** +*** 348,357 **** + strcpy (temp_string + char_index + 1, string); + +! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); +! +! /* Ancient backwards compatibility. Old versions of bash exported +! functions like name()=() {...} */ +! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') +! name[char_index - 2] = '\0'; + + if (temp_var = find_function (name)) +--- 348,355 ---- + strcpy (temp_string + char_index + 1, string); + +! /* Don't import function names that are invalid identifiers from the +! environment. */ +! if (legal_identifier (name)) +! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); + + if (temp_var = find_function (name)) +*************** +*** 362,369 **** + else + report_error (_("error importing function definition for `%s'"), name); +- +- /* ( */ +- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') +- name[char_index - 2] = '('; /* ) */ + } + #if defined (ARRAY_VARS) +--- 360,363 ---- +