bash44-003 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
  1. BASH PATCH REPORT
  2. =================
  3. Bash-Release: 4.4
  4. Patch-ID: bash44-003
  5. Bug-Reported-by: op7ic \x00 <op7ica@gmail.com>
  6. Bug-Reference-ID: <CAFHyJTopWC5Jx+U7WcvxSZKu+KrqSf+_3sHPiRWo=VzXSiPq=w@mail.gmail.com>
  7. Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00005.html
  8. Bug-Description:
  9. Specially-crafted input, in this case an incomplete pathname expansion
  10. bracket expression containing an invalid collating symbol, can cause the
  11. shell to crash.
  12. Patch (apply with `patch -p0'):
  13. *** ../bash-4.4/lib/glob/sm_loop.c 2016-04-10 11:23:21.000000000 -0400
  14. --- lib/glob/sm_loop.c 2016-11-02 14:03:34.000000000 -0400
  15. ***************
  16. *** 331,334 ****
  17. --- 331,340 ----
  18. if (p[pc] == L('.') && p[pc+1] == L(']'))
  19. break;
  20. + if (p[pc] == 0)
  21. + {
  22. + if (vp)
  23. + *vp = INVALID;
  24. + return (p + pc);
  25. + }
  26. val = COLLSYM (p, pc);
  27. if (vp)
  28. ***************
  29. *** 484,487 ****
  30. --- 490,496 ----
  31. c = FOLD (c);
  32. + if (c == L('\0'))
  33. + return ((test == L('[')) ? savep : (CHAR *)0);
  34. +
  35. if ((flags & FNM_PATHNAME) && c == L('/'))
  36. /* [/] can never match when matching a pathname. */
  37. *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
  38. --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400
  39. ***************
  40. *** 26,30 ****
  41. looks for to find the patch level (for the sccs version string). */
  42. ! #define PATCHLEVEL 2
  43. #endif /* _PATCHLEVEL_H_ */
  44. --- 26,30 ----
  45. looks for to find the patch level (for the sccs version string). */
  46. ! #define PATCHLEVEL 3
  47. #endif /* _PATCHLEVEL_H_ */