diff options
author | Jay Freeman <saurik@saurik.com> | 2014-09-26 10:03:21 +0000 |
---|---|---|
committer | Jay Freeman <saurik@saurik.com> | 2014-09-26 10:03:21 +0000 |
commit | d513c95110fbec3a9c1f6bb3d56e5ecf0971f058 (patch) | |
tree | 2183c599c8b9648ee8da49512604fe296c066c31 /data/bash/bash40-025 | |
parent | eaacbeade6c101df568afad2308bae83ebd56359 (diff) |
Fix the shellshock vulnerability (not regression).
git-svn-id: http://svn.telesphoreo.org/trunk@793 514c082c-b64e-11dc-b46d-3d985efe055d
Diffstat (limited to 'data/bash/bash40-025')
-rw-r--r-- | data/bash/bash40-025 | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/data/bash/bash40-025 b/data/bash/bash40-025 new file mode 100644 index 000000000..30b38ba31 --- /dev/null +++ b/data/bash/bash40-025 @@ -0,0 +1,104 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 4.0 +Patch-ID: bash40-025 + +Bug-Reported-by: Matt Zyzik <matt.zyzik@nyu.edu> +Bug-Reference-ID: <20090519011418.GA21431@ice.filescope.com> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00044.html + +Bug-Description: + +bash40-024 introduced a regression for constructs like **/*.cs; that +expansion would no longer include matching files in the current directory. +This patch undoes portions of bash40-024 and fixes the original problem +in a different way. + +Patch: + +*** ../bash-4.0-patched/lib/glob/glob.c 2009-05-22 12:32:26.000000000 -0400 +--- lib/glob/glob.c 2009-05-22 12:35:55.000000000 -0400 +*************** +*** 666,672 **** + } + +! /* compat: if GX_ALLDIRS, add the passed directory also, but don't add an +! empty directory name. */ +! if (add_current && (flags & GX_NULLDIR) == 0) + { + sdlen = strlen (dir); +--- 666,673 ---- + } + +! /* compat: if GX_ADDCURDIR, add the passed directory also. Add an empty +! directory name as a placeholder if GX_NULLDIR (in which case the passed +! directory name is "."). */ +! if (add_current) + { + sdlen = strlen (dir); +*************** +*** 680,684 **** + nextlink->next = lastlink; + lastlink = nextlink; +! bcopy (dir, nextname, sdlen + 1); + ++count; + } +--- 681,688 ---- + nextlink->next = lastlink; + lastlink = nextlink; +! if (flags & GX_NULLDIR) +! nextname[0] = '\0'; +! else +! bcopy (dir, nextname, sdlen + 1); + ++count; + } +*************** +*** 1008,1016 **** + /* Just return what glob_vector () returns appended to the + directory name. */ + dflags = flags & ~GX_MARKDIRS; + if (directory_len == 0) + dflags |= GX_NULLDIR; + if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0') +! dflags |= GX_ALLDIRS|GX_ADDCURDIR; + temp_results = glob_vector (filename, + (directory_len == 0 ? "." : directory_name), +--- 1012,1033 ---- + /* Just return what glob_vector () returns appended to the + directory name. */ ++ /* If flags & GX_ALLDIRS, we're called recursively */ + dflags = flags & ~GX_MARKDIRS; + if (directory_len == 0) + dflags |= GX_NULLDIR; + if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0') +! { +! dflags |= GX_ALLDIRS|GX_ADDCURDIR; +! #if 0 +! /* If we want all directories (dflags & GX_ALLDIRS) and we're not +! being called recursively as something like `echo **/*.o' +! ((flags & GX_ALLDIRS) == 0), we want to prevent glob_vector from +! adding a null directory name to the front of the temp_results +! array. We turn off ADDCURDIR if not called recursively and +! dlen == 0 */ +! #endif +! if (directory_len == 0 && (flags & GX_ALLDIRS) == 0) +! dflags &= ~GX_ADDCURDIR; +! } + temp_results = glob_vector (filename, + (directory_len == 0 ? "." : directory_name), +*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500 +--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 24 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 25 + + #endif /* _PATCHLEVEL_H_ */ |