Gentoo Archives: gentoo-commits

From: "Lars Wendler (polynomial-c)" <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-shells/bash/files: bash-redir-stack-overflow.patch
Date: Tue, 30 Sep 2014 20:34:33
Message-Id: 20140930203429.AB8A569C3@oystercatcher.gentoo.org
1 polynomial-c 14/09/30 20:34:29
2
3 Added: bash-redir-stack-overflow.patch
4 Log:
5 Added an inofficial patch to finally fix CVE-2014-7186 and CVE-2014-7187 (bug #523742)
6
7 (Portage version: 2.2.14_rc1/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
8
9 Revision Changes Path
10 1.1 app-shells/bash/files/bash-redir-stack-overflow.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-redir-stack-overflow.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-redir-stack-overflow.patch?rev=1.1&content-type=text/plain
14
15 Index: bash-redir-stack-overflow.patch
16 ===================================================================
17 *** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400
18 --- parse.y 2014-09-25 19:16:40.000000000 -0400
19 ***************
20 *** 169,172 ****
21 --- 169,175 ----
22 static int reserved_word_acceptable __P((int));
23 static int yylex __P((void));
24 +
25 + static void push_heredoc __P((REDIRECT *));
26 + static char *mk_alexpansion __P((char *));
27 static int alias_expand_token __P((char *));
28 static int time_command_acceptable __P((void));
29 ***************
30 *** 266,270 ****
31 /* Variables to manage the task of reading here documents, because we need to
32 defer the reading until after a complete command has been collected. */
33 ! static REDIRECT *redir_stack[10];
34 int need_here_doc;
35
36 --- 269,275 ----
37 /* Variables to manage the task of reading here documents, because we need to
38 defer the reading until after a complete command has been collected. */
39 ! #define HEREDOC_MAX 16
40 !
41 ! static REDIRECT *redir_stack[HEREDOC_MAX];
42 int need_here_doc;
43
44 ***************
45 *** 308,312 ****
46 index is decremented after a case, select, or for command is parsed. */
47 #define MAX_CASE_NEST 128
48 ! static int word_lineno[MAX_CASE_NEST];
49 static int word_top = -1;
50
51 --- 313,317 ----
52 index is decremented after a case, select, or for command is parsed. */
53 #define MAX_CASE_NEST 128
54 ! static int word_lineno[MAX_CASE_NEST+1];
55 static int word_top = -1;
56
57 ***************
58 *** 521,525 ****
59 redir.filename = $2;
60 $$ = make_redirection (source, r_reading_until, redir, 0);
61 ! redir_stack[need_here_doc++] = $$;
62 }
63 | NUMBER LESS_LESS WORD
64 --- 526,530 ----
65 redir.filename = $2;
66 $$ = make_redirection (source, r_reading_until, redir, 0);
67 ! push_heredoc ($$);
68 }
69 | NUMBER LESS_LESS WORD
70 ***************
71 *** 528,532 ****
72 redir.filename = $3;
73 $$ = make_redirection (source, r_reading_until, redir, 0);
74 ! redir_stack[need_here_doc++] = $$;
75 }
76 | REDIR_WORD LESS_LESS WORD
77 --- 533,537 ----
78 redir.filename = $3;
79 $$ = make_redirection (source, r_reading_until, redir, 0);
80 ! push_heredoc ($$);
81 }
82 | REDIR_WORD LESS_LESS WORD
83 ***************
84 *** 535,539 ****
85 redir.filename = $3;
86 $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
87 ! redir_stack[need_here_doc++] = $$;
88 }
89 | LESS_LESS_MINUS WORD
90 --- 540,544 ----
91 redir.filename = $3;
92 $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
93 ! push_heredoc ($$);
94 }
95 | LESS_LESS_MINUS WORD
96 ***************
97 *** 542,546 ****
98 redir.filename = $2;
99 $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
100 ! redir_stack[need_here_doc++] = $$;
101 }
102 | NUMBER LESS_LESS_MINUS WORD
103 --- 547,551 ----
104 redir.filename = $2;
105 $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
106 ! push_heredoc ($$);
107 }
108 | NUMBER LESS_LESS_MINUS WORD
109 ***************
110 *** 549,553 ****
111 redir.filename = $3;
112 $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
113 ! redir_stack[need_here_doc++] = $$;
114 }
115 | REDIR_WORD LESS_LESS_MINUS WORD
116 --- 554,558 ----
117 redir.filename = $3;
118 $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
119 ! push_heredoc ($$);
120 }
121 | REDIR_WORD LESS_LESS_MINUS WORD
122 ***************
123 *** 556,560 ****
124 redir.filename = $3;
125 $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
126 ! redir_stack[need_here_doc++] = $$;
127 }
128 | LESS_LESS_LESS WORD
129 --- 561,565 ----
130 redir.filename = $3;
131 $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
132 ! push_heredoc ($$);
133 }
134 | LESS_LESS_LESS WORD
135 ***************
136 *** 2637,2640 ****
137 --- 2642,2660 ----
138 static int esacs_needed_count;
139
140 + static void
141 + push_heredoc (r)
142 + REDIRECT *r;
143 + {
144 + if (need_here_doc >= HEREDOC_MAX)
145 + {
146 + last_command_exit_value = EX_BADUSAGE;
147 + need_here_doc = 0;
148 + report_syntax_error (_("maximum here-document count exceeded"));
149 + reset_parser ();
150 + exit_shell (last_command_exit_value);
151 + }
152 + redir_stack[need_here_doc++] = r;
153 + }
154 +
155 void
156 gather_here_documents ()