diff options
Diffstat (limited to 'debian/patches/bash32-034.dpatch')
| -rw-r--r-- | debian/patches/bash32-034.dpatch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/debian/patches/bash32-034.dpatch b/debian/patches/bash32-034.dpatch new file mode 100644 index 0000000..19428e5 --- /dev/null +++ b/debian/patches/bash32-034.dpatch @@ -0,0 +1,93 @@ +#! /bin/sh -e + +if [ $# -eq 3 -a "$2" = '-d' ]; then + pdir="-d $3" +elif [ $# -ne 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch $pdir -f --no-backup-if-mismatch -p0 < $0;; + -unpatch) patch $pdir -f --no-backup-if-mismatch -R -p0 < $0;; + *) + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +esac +exit 0 + +# DP: bash-3.2 upstream patch bash32-034 + + BASH PATCH REPORT + ================= + +Bash-Release: 3.2 +Patch-ID: bash32-034 + +Bug-Reported-by: Ian Campbell <ian.campbell@xensource.com> +Bug-Reference-ID: <EXCHPAFExU3l5bhn1ow00001dfe@rpc.xensource.com> +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-10/msg00060.html + +Bug-Description: + +The bash getcwd replacement will write past the end of allocated memory +when it allocates the buffer itself if it uses the buffer size passed as +an argument, and that size is less than the length of the pathname. + +Patch: + +*** ../bash-3.2-patched/lib/sh/getcwd.c 2004-07-21 17:15:19.000000000 -0400 +--- lib/sh/getcwd.c 2007-12-31 19:26:36.000000000 -0500 +*************** +*** 252,268 **** + { + size_t len = pathbuf + pathsize - pathp; + if (buf == NULL) + { +! if (len < (size_t) size) +! len = size; +! buf = (char *) malloc (len); + if (buf == NULL) + goto lose2; + } +! else if ((size_t) size < len) +! { +! errno = ERANGE; +! goto lose2; +! } + (void) memcpy((PTR_T) buf, (PTR_T) pathp, len); + } +--- 287,305 ---- + { + size_t len = pathbuf + pathsize - pathp; ++ if (buf == NULL && size <= 0) ++ size = len; ++ ++ if ((size_t) size < len) ++ { ++ errno = ERANGE; ++ goto lose2; ++ } + if (buf == NULL) + { +! buf = (char *) malloc (size); + if (buf == NULL) + goto lose2; + } +! + (void) memcpy((PTR_T) buf, (PTR_T) pathp, len); + } +*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006 +--- patchlevel.h Mon Oct 16 14:22:54 2006 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 33 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 34 + + #endif /* _PATCHLEVEL_H_ */ |