135-upstream-bash43-035.patch 1.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
  1. BASH PATCH REPORT
  2. =================
  3. Bash-Release: 4.3
  4. Patch-ID: bash43-035
  5. Bug-Reported-by: <romerox.adrian@gmail.com>
  6. Bug-Reference-ID: <CABV5r3zhPXmSKUe9uedeGc5YFBM2njJ1iVmY2h5neWdQpDBQug@mail.gmail.com>
  7. Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-08/msg00045.html
  8. Bug-Description:
  9. A locale with a long name can trigger a buffer overflow and core dump. This
  10. applies on systems that do not have locale_charset in libc, are not using
  11. GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
  12. Patch (apply with `patch -p0'):
  13. --- a/lib/sh/unicode.c
  14. +++ b/lib/sh/unicode.c
  15. @@ -78,13 +78,15 @@ stub_charset ()
  16. s = strrchr (locale, '.');
  17. if (s)
  18. {
  19. - strcpy (charsetbuf, s+1);
  20. + strncpy (charsetbuf, s+1, sizeof (charsetbuf) - 1);
  21. + charsetbuf[sizeof (charsetbuf) - 1] = '\0';
  22. t = strchr (charsetbuf, '@');
  23. if (t)
  24. *t = 0;
  25. return charsetbuf;
  26. }
  27. - strcpy (charsetbuf, locale);
  28. + strncpy (charsetbuf, locale, sizeof (charsetbuf) - 1);
  29. + charsetbuf[sizeof (charsetbuf) - 1] = '\0';
  30. return charsetbuf;
  31. }
  32. #endif
  33. --- a/patchlevel.h
  34. +++ b/patchlevel.h
  35. @@ -25,6 +25,6 @@
  36. regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
  37. looks for to find the patch level (for the sccs version string). */
  38. -#define PATCHLEVEL 34
  39. +#define PATCHLEVEL 35
  40. #endif /* _PATCHLEVEL_H_ */