| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- BASH PATCH REPORT
- =================
- Bash-Release: 4.4
- Patch-ID: bash44-006
- Bug-Reported-by: <fernando@null-life.com>
- Bug-Reference-ID: <CAEr-gPFPvqheiAeENmMkEwWRd4U=1iqCsYmR3sLdULOqL++_tQ@mail.gmail.com>
- Bug-Reference-URL:
- Bug-Description:
- Out-of-range negative offsets to popd can cause the shell to crash attempting
- to free an invalid memory block.
- Patch (apply with `patch -p0'):
- *** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500
- --- builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400
- ***************
- *** 366,370 ****
- }
-
- ! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
- {
- pushd_error (directory_list_offset, which_word ? which_word : "");
- --- 366,370 ----
- }
-
- ! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
- {
- pushd_error (directory_list_offset, which_word ? which_word : "");
- ***************
- *** 388,391 ****
- --- 388,396 ----
- of the list into place. */
- i = (direction == '+') ? directory_list_offset - which : which;
- + if (i < 0 || i > directory_list_offset)
- + {
- + pushd_error (directory_list_offset, which_word ? which_word : "");
- + return (EXECUTION_FAILURE);
- + }
- free (pushd_directory_list[i]);
- directory_list_offset--;
- *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
- --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400
- ***************
- *** 26,30 ****
- looks for to find the patch level (for the sccs version string). */
-
- ! #define PATCHLEVEL 5
-
- #endif /* _PATCHLEVEL_H_ */
- --- 26,30 ----
- looks for to find the patch level (for the sccs version string). */
-
- ! #define PATCHLEVEL 6
-
- #endif /* _PATCHLEVEL_H_ */
|
