diff options
Diffstat (limited to 'package/bash/bash44-006.patch')
| -rw-r--r-- | package/bash/bash44-006.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/package/bash/bash44-006.patch b/package/bash/bash44-006.patch new file mode 100644 index 000000000..ba58ed40c --- /dev/null +++ b/package/bash/bash44-006.patch @@ -0,0 +1,63 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-006 + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-006 + +Bug-Reported-by: <fernando@null-life.com> +Bug-Reference-ID: <CAEr-gPFPvqheiAeENmMkEwWRd4U=1iqCsYmR3sLdULOqL++_tQ@mail.gmail.com> +Bug-Reference-URL: + +Bug-Description: + +Out-of-range negative offsets to popd can cause the shell to crash attempting +to free an invalid memory block. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500 +--- b/builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400 +*************** +*** 366,370 **** + } + +! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0)) + { + pushd_error (directory_list_offset, which_word ? which_word : ""); +--- b/366,370 ---- + } + +! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0)) + { + pushd_error (directory_list_offset, which_word ? which_word : ""); +*************** +*** 388,391 **** +--- b/388,396 ---- + of the list into place. */ + i = (direction == '+') ? directory_list_offset - which : which; ++ if (i < 0 || i > directory_list_offset) ++ { ++ pushd_error (directory_list_offset, which_word ? which_word : ""); ++ return (EXECUTION_FAILURE); ++ } + free (pushd_directory_list[i]); + directory_list_offset--; +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 5 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 6 + + #endif /* _PATCHLEVEL_H_ */ |