
Re: Bash-4.3 Official Patch 25


From: Jason Vas Dias
Subject: Re: Bash-4.3 Official Patch 25
Date: Thu, 25 Sep 2014 15:20:14 +0100

Oops, sorry, this issue is nothing to do with the bash43-025 patch -
I just verified that the same issue occurs with bash 4.1.2(1).
The issue was that a script that does an 'stty' command was
failing when run in a 'while read ... ' loop. It wasn't using
'stty -F', so was trying to stty on stdin, which was the list file.
Sorry, my mistake - a nasty coincidence that it was the first
thing I tried with the new bash version.
Regards,
Jason

On 9/25/14, Jason Vas Dias <jason.vas.dias@gmail.com> wrote:
> Good day Chet, bash-list -
>
> I just checked out the latest git head, applied the bash43-025 patch, and
> built
> $ ./bash --version
>   GNU bash, version 4.3.25(3)-release (x86_64-unknown-linux-gnu)
>   ...
> which PASSED its 'make check' test suite, both under Ubuntu 14.04.1 LTS
> and under RHEL-6.5+ , on an x86_64 (Haswell) 8-core platform .
>
> But now there is an issue - bash seems to lose its idea of stdout / stderr
> being
> a terminal within read loops, as illustrated by this test script
> (/tmp/t.sh):
>
> <quote>
> #!/bin/bash
>  tty
> echo $'1\n2' > test.list;
> while read line; do
>     tty;
> done < test.list
> </quote>
>
> Its output illustrates the problem:
>
> <quote>
> $ ./bash /tmp/t.sh
> /dev/pts/6
> not a tty
> not a tty
> </quote>
>
> This bug seems to have infected the latest Ubuntu bash release also,
> which was created and pushed out today with the bash43-025 fix
> for the CVE-2014-6271 issue:
> <quote>
> $ /bin/bash /tmp/t.sh
> /dev/pts/6
> not a tty
> not a tty
> </quote>
> (/bin/bash is from the bash-4.3-7ubuntu1.1 package) .
>
> But /dev/fd/1 remains the same file :
> <quote>
> #!/bin/bash
> tty
> ls -l /dev/fd/1;
> echo $'1\n2' > test.list;
> while read line; do
>     tty;
>     ls -l /dev/fd/1;
> done < test.list
> </quote>
> Its output under Ubuntu bash:
>
> $ /bin/bash /tmp/tsh
> /dev/pts/6
> lrwx------ 1 jvasdias jvd 64 Sep 25 14:47 /dev/fd/1 -> /dev/pts/6
> not a tty
> lrwx------ 1 jvasdias jvd 64 Sep 25 14:47 /dev/fd/1 -> /dev/pts/6
> not a tty
> lrwx------ 1 jvasdias jvd 64 Sep 25 14:47 /dev/fd/1 -> /dev/pts/6
>
> This is rather confusing!
> Any ideas what may be the issue here?
>
> Thanks & Regards,
> Jason
>
>
>
> On 9/24/14, Chet Ramey <chet.ramey@case.edu> wrote:
>>                           BASH PATCH REPORT
>>                           =================
>>
>> Bash-Release:        4.3
>> Patch-ID:    bash43-025
>>
>> Bug-Reported-by:     Stephane Chazelas <stephane.chazelas@gmail.com>
>> Bug-Reference-ID:
>> Bug-Reference-URL:
>>
>> Bug-Description:
>>
>> Under certain circumstances, bash will execute user code while processing
>> the
>> environment for exported function definitions.
>>
>> Patch (apply with `patch -p0'):
>>
>> *** ../bash-4.3-patched/builtins/common.h    2013-07-08 16:54:47.000000000
>> -0400
>> --- builtins/common.h        2014-09-12 14:25:47.000000000 -0400
>> ***************
>> *** 34,37 ****
>> --- 49,54 ----
>>   #define SEVAL_PARSEONLY    0x020
>>   #define SEVAL_NOLONGJMP 0x040
>> + #define SEVAL_FUNCDEF      0x080           /* only allow function 
>> definitions */
>> + #define SEVAL_ONECMD       0x100           /* only allow a single command 
>> */
>>
>>   /* Flags for describe_command, shared between type.def and command.def
>> */
>> *** ../bash-4.3-patched/builtins/evalstring.c        2014-02-11
>> 09:42:10.000000000
>> -0500
>> --- builtins/evalstring.c    2014-09-14 14:15:13.000000000 -0400
>> ***************
>> *** 309,312 ****
>> --- 313,324 ----
>>            struct fd_bitmap *bitmap;
>>
>> +          if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
>> +            {
>> +              internal_warning ("%s: ignoring function definition attempt",
>> from_file);
>> +              should_jump_to_top_level = 0;
>> +              last_result = last_command_exit_value = EX_BADUSAGE;
>> +              break;
>> +            }
>> +
>>            bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
>>            begin_unwind_frame ("pe_dispose");
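Review bot: The warning text in the new SEVAL_FUNCDEF branch says
"ignoring function definition attempt", but the branch is taken when
command->type != cm_function_def, that is, when the parsed command is
not a function definition. Suggest wording that names what was actually
rejected, for example "%s: ignoring non-function-definition command", so
the log line is not read as a dropped definition. A short comment that
the check deliberately sits before new_fd_bitmap () and
begin_unwind_frame (), so the break needs no cleanup of either, would
also help the next reader.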
>> ***************
>> *** 369,372 ****
>> --- 381,387 ----
>>            dispose_fd_bitmap (bitmap);
>>            discard_unwind_frame ("pe_dispose");
>> +
>> +          if (flags & SEVAL_ONECMD)
>> +            break;
>>          }
>>      }
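Review bot: The SEVAL_ONECMD break at the end of the loop body drops
whatever follows the first command without any diagnostic, while the
SEVAL_FUNCDEF branch earlier in the same file reports what it rejects
through internal_warning. Both flags are passed together for the
environment import in variables.c, so consider emitting a warning here as
well when input remains, or at least add a comment stating that the rest
of the string is deliberately discarded.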
>> *** ../bash-4.3-patched/variables.c  2014-05-15 08:26:50.000000000 -0400
>> --- variables.c      2014-09-14 14:23:35.000000000 -0400
>> ***************
>> *** 359,369 ****
>>        strcpy (temp_string + char_index + 1, string);
>>
>> !      if (posixly_correct == 0 || legal_identifier (name))
>> !        parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
>> !
>> !      /* Ancient backwards compatibility.  Old versions of bash exported
>> !         functions like name()=() {...} */
>> !      if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
>> !        name[char_index - 2] = '\0';
>>
>>        if (temp_var = find_function (name))
>> --- 364,372 ----
>>        strcpy (temp_string + char_index + 1, string);
>>
>> !      /* Don't import function names that are invalid identifiers from the
>> !         environment, though we still allow them to be defined as shell
>> !         variables. */
>> !      if (legal_identifier (name))
>> !        parse_and_execute (temp_string, name,
>> SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
>>
>>        if (temp_var = find_function (name))
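Review bot: The return value of the new parse_and_execute (temp_string,
name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD) call is still
discarded, so a rejected import (the EX_BADUSAGE path added in
evalstring.c) is only noticed indirectly through the find_function (name)
test that follows. Suggest checking the result explicitly. The hunk also
drops the posixly_correct == 0 alternative and the old name() compatibility
handling, which changes what a shell outside POSIX mode accepts from the
environment; that deserves a line in the patch description.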
>> ***************
>> *** 382,389 ****
>>            report_error (_("error importing function definition for `%s'"),
>> name);
>>          }
>> -
>> -      /* ( */
>> -      if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
>> -        name[char_index - 2] = '(';         /* ) */
>>      }
>>   #if defined (ARRAY_VARS)
>> --- 385,388 ----
>> *** ../bash-4.3-patched/subst.c      2014-08-11 11:16:35.000000000 -0400
>> --- subst.c  2014-09-12 15:31:04.000000000 -0400
>> ***************
>> *** 8048,8052 ****
>>        goto return0;
>>      }
>> !       else if (var = find_variable_last_nameref (temp1))
>>      {
>>        temp = nameref_cell (var);
>> --- 8118,8124 ----
>>        goto return0;
>>      }
>> !       else if (var && (invisible_p (var) || var_isset (var) == 0))
>> !    temp = (char *)NULL;
>> !       else if ((var = find_variable_last_nameref (temp1)) && var_isset
>> (var) && invisible_p (var) == 0)
>>      {
>>        temp = nameref_cell (var);
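Review bot: This subst.c change concerns nameref expansion
(find_variable_last_nameref, invisible_p, var_isset) and has no visible
connection to the Bug-Description, which is about exported function
definitions in the environment. Suggest explaining in the report why it
belongs to this patch, or shipping it separately, so that anyone auditing
the security fix can account for every hunk. The first new condition also
tests var before the assignment in the following else-if, so it depends on
a value set above the visible context; a comment on where var comes from
would help.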
>> *** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
>> --- patchlevel.h     2014-03-20 20:01:28.000000000 -0400
>> ***************
>> *** 26,30 ****
>>      looks for to find the patch level (for the sccs version string). */
>>
>> ! #define PATCHLEVEL 24
>>
>>   #endif /* _PATCHLEVEL_H_ */
>> --- 26,30 ----
>>      looks for to find the patch level (for the sccs version string). */
>>
>> ! #define PATCHLEVEL 25
>>
>>   #endif /* _PATCHLEVEL_H_ */
>>
>> --
>> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>>               ``Ars longa, vita brevis'' - Hippocrates
>> Chet Ramey, ITS, CWRU    chet@case.edu
>> http://cnswww.cns.cwru.edu/~chet/
>>
>>
>
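
The cause given at the top of this message (a 'while read' loop redirected from a file makes that file the stdin of every command in the loop body, so 'tty' and 'stty' without -F no longer see the terminal), as an added example that is not part of the original thread. It assumes Linux (/proc); the function names are made up for the illustration.

```bash
#!/bin/bash
# Added example, not from the original thread. Linux-only: uses /proc.

# Print the file that a child process sees as its stdin (fd 0).
child_stdin() {
    readlink /proc/self/fd/0 2>/dev/null || echo '(closed)'
}

# Pattern from the report: the redirection on the loop replaces fd 0 for
# every command in the body, so each child sees the list file as stdin.
loop_on_stdin() {
    list=$1
    while read -r line; do
        child_stdin
    done < "$list"
}

# Fix: feed the list on fd 3 so fd 0 stays whatever the script started
# with (the terminal, when run interactively).
loop_on_fd3() {
    list=$1
    while read -r line <&3; do
        child_stdin
    done 3< "$list"
}

demo() {
    tmp=$(mktemp) || return 1
    printf '1\n2\n' > "$tmp"        # constructed sample list
    echo "outer stdin:  $(child_stdin)"
    echo "loop < list:  $(loop_on_stdin "$tmp" | sort -u)"
    echo "loop 3< list: $(loop_on_fd3 "$tmp" | sort -u)"
    rm -f "$tmp"
}

demo
```

Run from a terminal, the first and third lines name the pty and the second names the temporary list file, which is why 'tty' printed "not a tty" inside the loop.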


