1 files changed, 58 insertions, 0 deletions

diff --git a/data/bash/bash44-003 b/data/bash/bash44-003
new file mode 100644
index 000000000..01b6b6c9d
--- /dev/null
+++ b/data/bash/bash44-003
@@ -0,0 +1,58 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.4
+Patch-ID:	bash44-003
+
+Bug-Reported-by:	op7ic \x00 <op7ica@gmail.com>
+Bug-Reference-ID:	<CAFHyJTopWC5Jx+U7WcvxSZKu+KrqSf+_3sHPiRWo=VzXSiPq=w@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00005.html
+
+Bug-Description:
+
+Specially-crafted input, in this case an incomplete pathname expansion
+bracket expression containing an invalid collating symbol, can cause the
+shell to crash.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.4/lib/glob/sm_loop.c	2016-04-10 11:23:21.000000000 -0400
+--- lib/glob/sm_loop.c	2016-11-02 14:03:34.000000000 -0400
+***************
+*** 331,334 ****
+--- 331,340 ----
+      if (p[pc] == L('.') && p[pc+1] == L(']'))
+        break;
++    if (p[pc] == 0)
++     {
++       if (vp)
++ 	*vp = INVALID;
++       return (p + pc);
++     }
+     val = COLLSYM (p, pc);
+     if (vp)
+***************
+*** 484,487 ****
+--- 490,496 ----
+        c = FOLD (c);
+  
++       if (c == L('\0'))
++ 	return ((test == L('[')) ? savep : (CHAR *)0);
++ 
+        if ((flags & FNM_PATHNAME) && c == L('/'))
+  	/* [/] can never match when matching a pathname.  */
+*** ../bash-4.4/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 2
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 3
+  
+  #endif /* _PATCHLEVEL_H_ */