bash: Fix CVE-2014-6277 (shellshock)
 
Upstream-status: backport
 
Downloaded from: 
ftp://ftp.gnu.org/pub/bash/bash-4.3-patches/bash43-029
 
Author: Chet Ramey <chet.ramey@case.edu>
Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>

			     BASH PATCH REPORT
			     =================

Bash-Release:	4.3
Patch-ID:	bash43-029

Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

When bash is parsing a function definition that contains a here-document
delimited by end-of-file (or end-of-string), it leaves the closing delimiter
uninitialized.  This can result in an invalid memory access when the parsed
function is later copied.
---
--- a/make_cmd.c	2011-12-16 08:08:01.000000000 -0500
+++ b/make_cmd.c	2014-10-02 11:24:23.000000000 -0400
@@ -693,4 +693,5 @@
   temp->redirector = source;
   temp->redirectee = dest_and_filename;
+  temp->here_doc_eof = 0;
   temp->instruction = instruction;
   temp->flags = 0;
--- a/copy_cmd.c	2009-09-11 16:28:02.000000000 -0400
+++ b/copy_cmd.c	2014-10-02 11:24:23.000000000 -0400
@@ -127,5 +127,5 @@
     case r_reading_until:
     case r_deblank_reading_until:
-      new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+      new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
       /*FALLTHROUGH*/
     case r_reading_string: