summaryrefslogtreecommitdiff
path: root/debian/patches/bash32-034.dpatch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/bash32-034.dpatch')
-rw-r--r--debian/patches/bash32-034.dpatch93
1 files changed, 93 insertions, 0 deletions
diff --git a/debian/patches/bash32-034.dpatch b/debian/patches/bash32-034.dpatch
new file mode 100644
index 0000000..19428e5
--- /dev/null
+++ b/debian/patches/bash32-034.dpatch
@@ -0,0 +1,93 @@
+#! /bin/sh -e
+
+if [ $# -eq 3 -a "$2" = '-d' ]; then
+ pdir="-d $3"
+elif [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+case "$1" in
+ -patch) patch $pdir -f --no-backup-if-mismatch -p0 < $0;;
+ -unpatch) patch $pdir -f --no-backup-if-mismatch -R -p0 < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+esac
+exit 0
+
+# DP: bash-3.2 upstream patch bash32-034
+
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 3.2
+Patch-ID: bash32-034
+
+Bug-Reported-by: Ian Campbell <ian.campbell@xensource.com>
+Bug-Reference-ID: <EXCHPAFExU3l5bhn1ow00001dfe@rpc.xensource.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2007-10/msg00060.html
+
+Bug-Description:
+
+The bash getcwd replacement will write past the end of allocated memory
+when it allocates the buffer itself if it uses the buffer size passed as
+an argument, and that size is less than the length of the pathname.
+
+Patch:
+
+*** ../bash-3.2-patched/lib/sh/getcwd.c 2004-07-21 17:15:19.000000000 -0400
+--- lib/sh/getcwd.c 2007-12-31 19:26:36.000000000 -0500
+***************
+*** 252,268 ****
+ {
+ size_t len = pathbuf + pathsize - pathp;
+ if (buf == NULL)
+ {
+! if (len < (size_t) size)
+! len = size;
+! buf = (char *) malloc (len);
+ if (buf == NULL)
+ goto lose2;
+ }
+! else if ((size_t) size < len)
+! {
+! errno = ERANGE;
+! goto lose2;
+! }
+ (void) memcpy((PTR_T) buf, (PTR_T) pathp, len);
+ }
+--- 287,305 ----
+ {
+ size_t len = pathbuf + pathsize - pathp;
++ if (buf == NULL && size <= 0)
++ size = len;
++
++ if ((size_t) size < len)
++ {
++ errno = ERANGE;
++ goto lose2;
++ }
+ if (buf == NULL)
+ {
+! buf = (char *) malloc (size);
+ if (buf == NULL)
+ goto lose2;
+ }
+!
+ (void) memcpy((PTR_T) buf, (PTR_T) pathp, len);
+ }
+*** ../bash-3.2/patchlevel.h Thu Apr 13 08:31:04 2006
+--- patchlevel.h Mon Oct 16 14:22:54 2006
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+ #endif /* _PATCHLEVEL_H_ */