wok-4.x rev 12438
bash: CVE-2014-6271 fix
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Thu Sep 25 12:58:21 2014 +0200 (2014-09-25) |
parents | 172af4c4dff1 |
children | 4acc6a6b8f4f |
files | bash/receipt bash/stuff/funcdef-import-4.2.patch |
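--- a/bash/receipt Sun Sep 07 08:36:16 2014 +0200
+++ b/bash/receipt Thu Sep 25 12:58:21 2014 +0200
@@ -16,6 +16,8 @@
 cook_tmp_toolchain()
 {
 cd $src
+ # CVE-2014-6271
+ patch -p0 < $stuff/funcdef-import-4.2.patch
 ./configure --without-bash-malloc &&
 make && make install
 }
@@ -25,6 +27,8 @@
 {
 # Patch and then build.
 cd $src
+ # CVE-2014-6271
+ patch -p0 < $stuff/funcdef-import-4.2.patch
 # Skip tests that can not run while cross-compiling.
 cat > config.cache << "EOF"
 ac_cv_func_mmap_fixed_mapped=yes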
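Review bot: Both added `patch -p0 < $stuff/funcdef-import-4.2.patch` lines run unchecked, so a failed or partial apply does not stop the build. In `cook_tmp_toolchain()` the following `./configure --without-bash-malloc && make && make install` chain still runs and would install an unpatched bash with nothing in the receipt reporting it. For a security fix the apply step should be fatal in both hunks, e.g. `patch -p0 < "$stuff/funcdef-import-4.2.patch" || return 1` (quoting `$stuff` also guards against paths with spaces). The function patched by the second hunk starts and ends outside the hunk, so how its later commands are chained cannot be confirmed from here.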
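--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/bash/stuff/funcdef-import-4.2.patch Thu Sep 25 12:58:21 2014 +0200
@@ -0,0 +1,72 @@
+*** ../bash-4.2.47/builtins/common.h 2010-05-30 18:31:51.000000000 -0400
+--- builtins/common.h 2014-09-16 19:35:45.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+
+ /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
++ #define SEVAL_ONECMD 0x100 /* only allow a single command */
+ #define CDESC_ALL 0x001 /* type -a */
+ #define CDESC_SHORTDESC 0x002 /* command -V */
+*** ../bash-4.2.47/builtins/evalstring.c 2010-11-23 08:22:15.000000000 -0500
+--- builtins/evalstring.c 2014-09-16 19:35:45.000000000 -0400
+***************
+*** 262,265 ****
+--- 262,273 ----
+ struct fd_bitmap *bitmap;
+
++ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ {
++ internal_warning ("%s: ignoring function definition attempt", from_file);
++ should_jump_to_top_level = 0;
++ last_result = last_command_exit_value = EX_BADUSAGE;
++ break;
++ }
++
+ bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+ begin_unwind_frame ("pe_dispose");
+***************
+*** 322,325 ****
+--- 330,336 ----
+ dispose_fd_bitmap (bitmap);
+ discard_unwind_frame ("pe_dispose");
++
++ if (flags & SEVAL_ONECMD)
++ break;
+ }
+ }
+*** ../bash-4.2.47/variables.c 2011-03-01 16:15:20.000000000 -0500
+--- variables.c 2014-09-16 19:35:45.000000000 -0400
+***************
+*** 348,357 ****
+ strcpy (temp_string + char_index + 1, string);
+
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+!
+! /* Ancient backwards compatibility. Old versions of bash exported
+! functions like name()=() {...} */
+! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! name[char_index - 2] = '\0';
+
+ if (temp_var = find_function (name))
+--- 348,355 ----
+ strcpy (temp_string + char_index + 1, string);
+
+! /* Don't import function names that are invalid identifiers from the
+! environment. */
+! if (legal_identifier (name))
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+ if (temp_var = find_function (name))
+***************
+*** 362,369 ****
+ else
+ report_error (_("error importing function definition for `%s'"), name);
+-
+- /* ( */
+- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- name[char_index - 2] = '('; /* ) */
+ }
+ #if defined (ARRAY_VARS)
+--- 360,363 ----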
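Review bot: The guard added in builtins/evalstring.c tests `command->type != cm_function_def`, which suggests it runs on a command that has already been parsed. If so, the patch limits what is executed from an imported environment value, while the value itself still reaches the full parser through `parse_and_execute` in variables.c. Parser behaviour on untrusted environment text therefore appears to remain in scope, and the package should keep tracking upstream patch levels for this import path rather than treating this file as the end state. The patch file also records no origin beyond the `bash-4.2.47` paths in its headers. A leading line such as `# Upstream bash 4.2 patch <patch-id>, fixes CVE-2014-6271, sha256 <checksum>` would let maintainers verify it against upstream. The enclosing loop in evalstring.c and the import function in variables.c both extend beyond the quoted context.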