bug-bash

Re: Bash-4.3 Official Patch 26


From: Nathan McGarvey
Subject: Re: Bash-4.3 Official Patch 26
Date: Fri, 26 Sep 2014 20:58:33 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.8.0

Pardon my catching up. This (and all the other related patches for other past versions) is to remedy CVE-2014-7169, and CVE-2014-6271 was remedied by the previous Patch 25 (and the related set for all other versions). Is this correct? Or are there still outstanding issues?

-Nathan

On 09/26/2014 05:17 PM, Chet Ramey wrote:
                             BASH PATCH REPORT
                             =================

Bash-Release:   4.3
Patch-ID:       bash43-026

Bug-Reported-by:        Tavis Ormandy <taviso@cmpxchg8b.com>
Bug-Reference-ID:
Bug-Reference-URL:      http://twitter.com/taviso/statuses/514887394294652929

Bug-Description:

Under certain circumstances, bash can incorrectly save a lookahead character and
return it on a subsequent call, even when reading a new line.

Patch (apply with `patch -p0'):

*** ../bash-4.3.25/parse.y      2014-07-30 10:14:31.000000000 -0400
--- parse.y     2014-09-25 20:20:21.000000000 -0400
***************
*** 2954,2957 ****
--- 2954,2959 ----
     word_desc_to_read = (WORD_DESC *)NULL;

+   eol_ungetc_lookahead = 0;
+
     current_token = '\n';              /* XXX */
     last_read_token = '\n';
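
Review bot: the new `eol_ungetc_lookahead = 0;` at parse.y 2954 has no comment, and the report only says "under certain circumstances", so a later reader cannot tell why this reset belongs beside `word_desc_to_read` and `current_token`. A one-line comment stating that a saved lookahead character must not be returned once a new line is being read would record the invariant, and a regression test for the reported case would keep it from being dropped in a later cleanup.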
*** ../bash-4.3.25/y.tab.c      2014-07-30 10:14:32.000000000 -0400
--- y.tab.c     2014-09-25 20:21:48.000000000 -0400
***************
*** 5266,5269 ****
--- 5266,5271 ----
     word_desc_to_read = (WORD_DESC *)NULL;

+   eol_ungetc_lookahead = 0;
+
     current_token = '\n';              /* XXX */
     last_read_token = '\n';
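
Review bot: y.tab.c at 5266 gets the same two-line addition as parse.y at 2954, so the fix now lives in two files that must stay identical. y.tab.c is the yacc output of parse.y; it would help to say in the report whether this hunk was produced by regenerating the file or by hand, so that anyone who rebuilds the parser from parse.y knows the first hunk alone is sufficient.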
***************
*** 8540,8542 ****
   }
   #endif /* HANDLE_MULTIBYTE */
-
--- 8542,8543 ----
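
Review bot: the y.tab.c hunk at 8540 only deletes a blank line after `#endif /* HANDLE_MULTIBYTE */` and has no counterpart in parse.y. It is unrelated to the lookahead fix; dropping it would keep this security patch to the functional change plus the patch-level bump and make it easier to audit and backport.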
*** ../bash-4.3/patchlevel.h    2012-12-29 10:47:57.000000000 -0500
--- patchlevel.h        2014-03-20 20:01:28.000000000 -0400
***************
*** 26,30 ****
      looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 25

   #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
      looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 26

   #endif /* _PATCHLEVEL_H_ */
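
The bug description in the patch report above, as an added example that is not part of the original message and is not bash's code: a simplified reader with a one-character pushback slot, showing how a saved lookahead character is returned from a new line unless the reset clears the slot. All names (`struct reader`, `rd_getc`, `rd_ungetc`, `rd_reset`, `first_char_after_reset`) and the sample input are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model of a reader with a one-character pushback slot.
   Names are hypothetical; this is not bash's parser code. */
struct reader {
    const char *line;  /* line currently being read */
    size_t pos;        /* index of the next unread character */
    int lookahead;     /* pushed-back character, 0 when the slot is empty */
};

/* Return the pushed-back character if there is one, else the next input character. */
static int rd_getc(struct reader *r) {
    if (r->lookahead) {
        int c = r->lookahead;
        r->lookahead = 0;
        return c;
    }
    return r->line[r->pos] ? (unsigned char)r->line[r->pos++] : EOF;
}

/* Save one character so the next rd_getc() returns it again. */
static void rd_ungetc(struct reader *r, int c) { r->lookahead = c; }

/* Abandon the current line and start a new one. With clear_lookahead == 0 the
   pushback slot survives the reset, which is the failure the report describes. */
static void rd_reset(struct reader *r, const char *new_line, int clear_lookahead) {
    r->line = new_line;
    r->pos = 0;
    if (clear_lookahead)
        r->lookahead = 0;
}

/* Peek one character on the first line, give up on that line, then read the
   first character of a fresh line. The input strings are constructed. */
int first_char_after_reset(int clear_lookahead) {
    struct reader r = { "ab", 0, 0 };
    rd_getc(&r);                 /* consume 'a' */
    rd_ungetc(&r, rd_getc(&r));  /* peek 'b' and push it back */
    rd_reset(&r, "xy", clear_lookahead);
    return rd_getc(&r);
}

int main(void) {
    printf("slot kept across reset:    %c\n", first_char_after_reset(0));
    printf("slot cleared on reset:     %c\n", first_char_after_reset(1));
    return 0;
}
```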



