diff options
Diffstat (limited to 'meta/recipes-extended/bash/bash-3.2.48/cve-2014-6277.patch')
-rw-r--r-- | meta/recipes-extended/bash/bash-3.2.48/cve-2014-6277.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6277.patch b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6277.patch new file mode 100644 index 0000000000..ed63916669 --- /dev/null +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-6277.patch @@ -0,0 +1,44 @@ +bash: Fix CVE-2014-6277 (shellshock) + +Upstream-status: backport + +Downloaded from: +ftp://ftp.gnu.org/pub/bash/bash-3.2-patches/bash32-056 + +Author: Chet Ramey <chet.ramey@case.edu> +Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com> + + BASH PATCH REPORT + ================= + +Bash-Release: 3.2 +Patch-ID: bash32-056 + +Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +When bash is parsing a function definition that contains a here-document +delimited by end-of-file (or end-of-string), it leaves the closing delimiter +uninitialized. This can result in an invalid memory access when the parsed +function is later copied. +--- +--- a/make_cmd.c 2006-09-12 09:21:22.000000000 -0400 ++++ b/make_cmd.c 2014-10-02 11:41:40.000000000 -0400 +@@ -677,4 +677,5 @@ + temp->redirector = source; + temp->redirectee = dest_and_filename; ++ temp->here_doc_eof = 0; + temp->instruction = instruction; + temp->flags = 0; +--- a/copy_cmd.c 2003-10-07 11:43:44.000000000 -0400 ++++ b/copy_cmd.c 2014-10-02 11:41:40.000000000 -0400 +@@ -117,5 +117,5 @@ + case r_reading_until: + case r_deblank_reading_until: +- new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); ++ new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; + /*FALLTHROUGH*/ + case r_reading_string: |