From ae653aed4c6b7d8075cd464edcd2e01237bfc105 Mon Sep 17 00:00:00 2001 From: Catalin Popeanga Date: Thu, 9 Oct 2014 14:24:53 +0200 Subject: bash: Fix for CVE-2014-6277 Follow up bash42-049 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 (From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa) Signed-off-by: Catalin Popeanga Signed-off-by: Paul Eggleton --- .../bash/bash-4.2/cve-2014-6277.patch | 44 ++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch (limited to 'meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch') diff --git a/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch b/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch new file mode 100644 index 0000000000..83b40027cf --- /dev/null +++ b/meta/recipes-extended/bash/bash-4.2/cve-2014-6277.patch @@ -0,0 +1,44 @@ +bash: Fix CVE-2014-6277 (shellshock) + +Upstream-status: backport + +Downloaded from: +ftp://ftp.gnu.org/pub/bash/bash-4.3-patches/bash43-029 + +Author: Chet Ramey +Signed-off-by: Catalin Popeanga + + BASH PATCH REPORT + ================= + +Bash-Release: 4.3 +Patch-ID: bash43-029 + +Bug-Reported-by: Michal Zalewski +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +When bash is parsing a function definition that contains a here-document +delimited by end-of-file (or end-of-string), it leaves the closing delimiter +uninitialized. This can result in an invalid memory access when the parsed +function is later copied. +--- +--- a/make_cmd.c 2011-12-16 08:08:01.000000000 -0500 ++++ b/make_cmd.c 2014-10-02 11:24:23.000000000 -0400 +@@ -693,4 +693,5 @@ + temp->redirector = source; + temp->redirectee = dest_and_filename; ++ temp->here_doc_eof = 0; + temp->instruction = instruction; + temp->flags = 0; +--- a/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 ++++ b/copy_cmd.c 2014-10-02 11:24:23.000000000 -0400 +@@ -127,5 +127,5 @@ + case r_reading_until: + case r_deblank_reading_until: +- new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); ++ new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; + /*FALLTHROUGH*/ + case r_reading_string: -- cgit 1.2.3-korg