aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch
diff options
context:
space:
mode:
authorCatalin Popeanga <Catalin.Popeanga@enea.com>2014-10-09 14:24:53 +0200
committerPaul Eggleton <paul.eggleton@linux.intel.com>2014-10-12 21:29:14 +0100
commitae653aed4c6b7d8075cd464edcd2e01237bfc105 (patch)
treeaa134f8d93c3f94ec11c094c7c79df3b024db32d /meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch
parent32818a104ae99a5795d91a2960d48d433d542dee (diff)
downloadopenembedded-core-ae653aed4c6b7d8075cd464edcd2e01237bfc105.tar.gz
bash: Fix for CVE-2014-6277
Follow up bash42-049 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 (From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa) Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch')
-rw-r--r--meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch
new file mode 100644
index 0000000000..83b40027cf
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch
@@ -0,0 +1,44 @@
+bash: Fix CVE-2014-6277 (shellshock)
+
+Upstream-status: backport
+
+Downloaded from:
+ftp://ftp.gnu.org/pub/bash/bash-4.3-patches/bash43-029
+
+Author: Chet Ramey <chet.ramey@case.edu>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-029
+
+Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized. This can result in an invalid memory access when the parsed
+function is later copied.
+---
+--- a/make_cmd.c 2011-12-16 08:08:01.000000000 -0500
++++ b/make_cmd.c 2014-10-02 11:24:23.000000000 -0400
+@@ -693,4 +693,5 @@
+ temp->redirector = source;
+ temp->redirectee = dest_and_filename;
++ temp->here_doc_eof = 0;
+ temp->instruction = instruction;
+ temp->flags = 0;
+--- a/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
++++ b/copy_cmd.c 2014-10-02 11:24:23.000000000 -0400
+@@ -127,5 +127,5 @@
+ case r_reading_until:
+ case r_deblank_reading_until:
+- new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
++ new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+ /*FALLTHROUGH*/
+ case r_reading_string: