diff options
Diffstat (limited to 'data/bash/bash32-034')
| -rw-r--r-- | data/bash/bash32-034 | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/data/bash/bash32-034 b/data/bash/bash32-034 deleted file mode 100644 index 4f081624b..000000000 --- a/data/bash/bash32-034 +++ /dev/null @@ -1,74 +0,0 @@ - BASH PATCH REPORT - ================= - -Bash-Release: 3.2 -Patch-ID: bash32-034 - -Bug-Reported-by: Ian Campbell <ian.campbell@xensource.com> -Bug-Reference-ID: <EXCHPAFExU3l5bhn1ow00001dfe@rpc.xensource.com> -Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-10/msg00060.html - -Bug-Description: - -The bash getcwd replacement will write past the end of allocated memory -when it allocates the buffer itself if it uses the buffer size passed as -an argument, and that size is less than the length of the pathname. - -Patch: - -*** ../bash-3.2-patched/lib/sh/getcwd.c 2004-07-21 17:15:19.000000000 -0400 ---- lib/sh/getcwd.c 2007-12-31 19:26:36.000000000 -0500 -*************** -*** 252,268 **** - { - size_t len = pathbuf + pathsize - pathp; - if (buf == NULL) - { -! if (len < (size_t) size) -! len = size; -! buf = (char *) malloc (len); - if (buf == NULL) - goto lose2; - } -! else if ((size_t) size < len) -! { -! errno = ERANGE; -! goto lose2; -! } - (void) memcpy((PTR_T) buf, (PTR_T) pathp, len); - } ---- 287,305 ---- - { - size_t len = pathbuf + pathsize - pathp; -+ if (buf == NULL && size <= 0) -+ size = len; -+ -+ if ((size_t) size < len) -+ { -+ errno = ERANGE; -+ goto lose2; -+ } - if (buf == NULL) - { -! buf = (char *) malloc (size); - if (buf == NULL) - goto lose2; - } -! - (void) memcpy((PTR_T) buf, (PTR_T) pathp, len); - } -*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006 ---- patchlevel.h Mon Oct 16 14:22:54 2006 -*************** -*** 26,30 **** - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 33 - - #endif /* _PATCHLEVEL_H_ */ ---- 26,30 ---- - looks for to find the patch level (for the sccs version string). */ - -! #define PATCHLEVEL 34 - - #endif /* _PATCHLEVEL_H_ */ |