From 2a73244eb6d3baf12f135a243c22103085ada98b Mon Sep 17 00:00:00 2001 From: spz Date: Wed, 18 Jul 2012 15:43:09 +0000 Subject: add patch from the Bash project fixing CVE-2012-3410 --- shells/bash/Makefile | 4 ++-- shells/bash/distinfo | 3 ++- shells/bash/patches/patch-lib_sh_eaccess.c | 37 ++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 shells/bash/patches/patch-lib_sh_eaccess.c (limited to 'shells') diff --git a/shells/bash/Makefile b/shells/bash/Makefile index ea02468d17f..a9c457d6545 100644 --- a/shells/bash/Makefile +++ b/shells/bash/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.52 2011/04/22 13:44:39 obache Exp $ +# $NetBSD: Makefile,v 1.53 2012/07/18 15:43:09 spz Exp $ BASH_VERSION= 4.2 DISTNAME= bash-${BASH_VERSION} #PKGNAME= bash-${BASH_VERSION}.${BASH_PATCHLEVEL} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= shells MASTER_SITES= ${MASTER_SITE_GNU:=bash/} \ ftp://ftp.cwru.edu/pub/bash/ diff --git a/shells/bash/distinfo b/shells/bash/distinfo index 739b623c5a7..7be54aea22f 100644 --- a/shells/bash/distinfo +++ b/shells/bash/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2011/03/22 04:45:31 obache Exp $ +$NetBSD: distinfo,v 1.25 2012/07/18 15:43:10 spz Exp $ SHA1 (bash-4.2.tar.gz) = 487840ab7134eb7901fbb2e49b0ee3d22de15cb8 RMD160 (bash-4.2.tar.gz) = df7ae51783f039a1234d3b720ffcf4bfa5d09673 @@ -8,3 +8,4 @@ SHA1 (patch-ag) = 4da0a43f6b890482affff46b18eef4be67770e48 SHA1 (patch-ai) = 26825922898567841bed0bf62a8dee3bcc50cd75 SHA1 (patch-aj) = 8b3c52c2aee9cf53ee5a9ce64ead243d0970305e SHA1 (patch-ak) = 6dfb7195f45f81064f687a4c9febb9dcae721aa7 +SHA1 (patch-lib_sh_eaccess.c) = 484577f09efe67f604c3fb85afdb5a58b64f5b6c diff --git a/shells/bash/patches/patch-lib_sh_eaccess.c b/shells/bash/patches/patch-lib_sh_eaccess.c new file mode 100644 index 00000000000..f7bb5d94778 --- /dev/null +++ b/shells/bash/patches/patch-lib_sh_eaccess.c @@ -0,0 +1,37 @@ +$NetBSD: patch-lib_sh_eaccess.c,v 1.1 2012/07/18 15:43:12 spz Exp $ + +from ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 + + Bash-Release: 4.2 + Patch-ID: bash42-033 + + Bug-Reported-by: David Leverton + Bug-Reference-ID: <4FCCE737.1060603@googlemail.com> + Bug-Reference-URL: + + Bug-Description: + + Bash uses a static buffer when expanding the /dev/fd prefix for the test + and conditional commands, among other uses, when it should use a dynamic + buffer to avoid buffer overflow. + +--- lib/sh/eaccess.c.orig 2011-01-09 01:50:10.000000000 +0000 ++++ lib/sh/eaccess.c +@@ -82,6 +82,8 @@ sh_stat (path, finfo) + const char *path; + struct stat *finfo; + { ++ static char *pbuf = 0; ++ + if (*path == '\0') + { + errno = ENOENT; +@@ -106,7 +108,7 @@ sh_stat (path, finfo) + trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx. + On most systems, with the notable exception of linux, this is + effectively a no-op. */ +- char pbuf[32]; ++ pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); + strcpy (pbuf, DEV_FD_PREFIX); + strcat (pbuf, path + 8); + return (stat (pbuf, finfo)); -- cgit v1.2.3