author | Jay Freeman <saurik@saurik.com> | 2014-09-26 10:03:21 +0000 |
---|---|---|
committer | Jay Freeman <saurik@saurik.com> | 2014-09-26 10:03:21 +0000 |
commit | d513c95110fbec3a9c1f6bb3d56e5ecf0971f058 (patch) | |
tree | 2183c599c8b9648ee8da49512604fe296c066c31 /data/bash/bash40-040 | |
parent | eaacbeade6c101df568afad2308bae83ebd56359 (diff) |
Fix the shellshock vulnerability (not regression).
git-svn-id: http://svn.telesphoreo.org/trunk@793 514c082c-b64e-11dc-b46d-3d985efe055d
Diffstat (limited to 'data/bash/bash40-040')
-rw-r--r-- | data/bash/bash40-040 | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/data/bash/bash40-040 b/data/bash/bash40-040
new file mode 100644
index 000000000..a8ae2c577
--- /dev/null
+++ b/data/bash/bash40-040
@@ -0,0 +1,60 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-040
+
+Bug-Reported-by: Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0.39/parse.y 2009-06-02 09:08:07.000000000 -0400
+--- parse.y 2014-09-25 16:15:47.000000000 -0400
+***************
+*** 2671,2674 ****
+--- 2671,2676 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+*** ../bash-4.0.39/y.tab.c 2009-01-08 09:30:24.000000000 -0500
+--- y.tab.c 2014-09-25 20:27:08.000000000 -0400
+***************
+*** 4927,4930 ****
+--- 4927,4932 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ last_read_token = '\n';
+ token_to_read = '\n';
+***************
+*** 7910,7912 ****
+ }
+ #endif /* HANDLE_MULTIBYTE */
+-
+--- 7912,7913 ----
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 39
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 40
+
+ #endif /* _PATCHLEVEL_H_ */ |