| From http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-035 |
| |
| Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> |
| |
| BASH PATCH REPORT |
| ================= |
| |
| Bash-Release: 4.3 |
| Patch-ID: bash43-035 |
| |
| Bug-Reported-by: <romerox.adrian@gmail.com> |
| Bug-Reference-ID: <CABV5r3zhPXmSKUe9uedeGc5YFBM2njJ1iVmY2h5neWdQpDBQug@mail.gmail.com> |
| Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-08/msg00045.html |
| |
| Bug-Description: |
| |
| A locale with a long name can trigger a buffer overflow and core dump. This |
| applies on systems that do not have locale_charset in libc, are not using |
| GNU libiconv, and are not using the libintl that ships with bash in lib/intl. |
| |
| Patch (apply with `patch -p0'): |
| |
| *** a/bash-4.3-patched/lib/sh/unicode.c 2014-01-30 16:47:19.000000000 -0500 |
| --- b/lib/sh/unicode.c 2015-05-01 08:58:30.000000000 -0400 |
| *************** |
| *** 79,83 **** |
| if (s) |
| { |
| ! strcpy (charsetbuf, s+1); |
| t = strchr (charsetbuf, '@'); |
| if (t) |
| --- 79,84 ---- |
| if (s) |
| { |
| ! strncpy (charsetbuf, s+1, sizeof (charsetbuf) - 1); |
| ! charsetbuf[sizeof (charsetbuf) - 1] = '\0'; |
| t = strchr (charsetbuf, '@'); |
| if (t) |
| *************** |
| *** 85,89 **** |
| return charsetbuf; |
| } |
| ! strcpy (charsetbuf, locale); |
| return charsetbuf; |
| } |
| --- 86,91 ---- |
| return charsetbuf; |
| } |
| ! strncpy (charsetbuf, locale, sizeof (charsetbuf) - 1); |
| ! charsetbuf[sizeof (charsetbuf) - 1] = '\0'; |
| return charsetbuf; |
| } |
| *** a/bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 |
| --- b/patchlevel.h 2014-03-20 20:01:28.000000000 -0400 |
| *************** |
| *** 26,30 **** |
| looks for to find the patch level (for the sccs version string). */ |
| |
| ! #define PATCHLEVEL 34 |
| |
| #endif /* _PATCHLEVEL_H_ */ |
| --- 26,30 ---- |
| looks for to find the patch level (for the sccs version string). */ |
| |
| ! #define PATCHLEVEL 35 |
| |
| #endif /* _PATCHLEVEL_H_ */ |
