[gentoo-commits] gentoo-x86 commit in app-shells/bash/files: bash-4.3-funcdef-import.patch bash-3.1-funcdef-import.patch

Wed, 24 Sep 2014 07:03:12 -0700 

polynomial-c    14/09/24 14:01:55

  Added:                bash-4.3-funcdef-import.patch
                        bash-3.1-funcdef-import.patch
  Log:
  Security bump (bug #523592). Fixed environment handling command injection 
(CVE-2014-6271)
  
  (Portage version: 2.2.13/cvs/Linux x86_64, signed Manifest commit with key 
0x981CA6FC)

Revision  Changes    Path
1.1                  app-shells/bash/files/bash-4.3-funcdef-import.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-4.3-funcdef-import.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-4.3-funcdef-import.patch?rev=1.1&content-type=text/plain

Index: bash-4.3-funcdef-import.patch
===================================================================
*** ../bash-4.3-patched/builtins/common.h       2013-07-08 16:54:47.000000000 
-0400
--- builtins/common.h   2014-09-12 14:25:47.000000000 -0400
***************
*** 34,37 ****
--- 49,54 ----
  #define SEVAL_PARSEONLY       0x020
  #define SEVAL_NOLONGJMP 0x040
+ #define SEVAL_FUNCDEF 0x080           /* only allow function definitions */
+ #define SEVAL_ONECMD  0x100           /* only allow a single command */
  
  /* Flags for describe_command, shared between type.def and command.def */
*** ../bash-4.3-patched/builtins/evalstring.c   2014-02-11 09:42:10.000000000 
-0500
--- builtins/evalstring.c       2014-09-14 14:15:13.000000000 -0400
***************
*** 309,312 ****
--- 313,324 ----
              struct fd_bitmap *bitmap;
  
+             if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+               {
+                 internal_warning ("%s: ignoring function definition attempt", 
from_file);
+                 should_jump_to_top_level = 0;
+                 last_result = last_command_exit_value = EX_BADUSAGE;
+                 break;
+               }
+ 
              bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
              begin_unwind_frame ("pe_dispose");
***************
*** 369,372 ****
--- 381,387 ----
              dispose_fd_bitmap (bitmap);
              discard_unwind_frame ("pe_dispose");
+ 
+             if (flags & SEVAL_ONECMD)
+               break;
            }
        }
*** ../bash-4.3-patched/variables.c     2014-05-15 08:26:50.000000000 -0400
--- variables.c 2014-09-14 14:23:35.000000000 -0400
***************
*** 359,369 ****
          strcpy (temp_string + char_index + 1, string);
  
!         if (posixly_correct == 0 || legal_identifier (name))
!           parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
! 
!         /* Ancient backwards compatibility.  Old versions of bash exported
!            functions like name()=() {...} */
!         if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
!           name[char_index - 2] = '\0';
  
          if (temp_var = find_function (name))
--- 364,372 ----
          strcpy (temp_string + char_index + 1, string);
  
!         /* Don't import function names that are invalid identifiers from the
!            environment, though we still allow them to be defined as shell
!            variables. */
!         if (legal_identifier (name))
!           parse_and_execute (temp_string, name, 
SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
  
          if (temp_var = find_function (name))
***************
*** 382,389 ****
              report_error (_("error importing function definition for `%s'"), 
name);
            }
- 
-         /* ( */
-         if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
-           name[char_index - 2] = '(';         /* ) */
        }
  #if defined (ARRAY_VARS)
--- 385,388 ----
*** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400
--- subst.c     2014-09-12 15:31:04.000000000 -0400
***************
*** 8048,8052 ****
          goto return0;
        }
!       else if (var = find_variable_last_nameref (temp1))
        {
          temp = nameref_cell (var);
--- 8118,8124 ----
          goto return0;
        }
!       else if (var && (invisible_p (var) || var_isset (var) == 0))
!       temp = (char *)NULL;
!       else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) 
&& invisible_p (var) == 0)
        {
          temp = nameref_cell (var);




1.1                  app-shells/bash/files/bash-3.1-funcdef-import.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-3.1-funcdef-import.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-3.1-funcdef-import.patch?rev=1.1&content-type=text/plain

Index: bash-3.1-funcdef-import.patch
===================================================================
*** ../bash-3.1.17/builtins/common.h    2004-09-09 13:21:08.000000000 -0400
--- builtins/common.h   2014-09-16 22:00:02.000000000 -0400
***************
*** 34,37 ****
--- 34,39 ----
  
  /* Flags for describe_command, shared between type.def and command.def */
+ #define SEVAL_FUNCDEF 0x080           /* only allow function definitions */
+ #define SEVAL_ONECMD  0x100           /* only allow a single command */
  #define CDESC_ALL             0x001   /* type -a */
  #define CDESC_SHORTDESC               0x002   /* command -V */
*** ../bash-3.1.17/builtins/evalstring.c        2005-10-30 18:28:24.000000000 
-0500
--- builtins/evalstring.c       2014-09-16 22:00:02.000000000 -0400
***************
*** 224,227 ****
--- 224,235 ----
              struct fd_bitmap *bitmap;
  
+             if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+               {
+                 internal_warning ("%s: ignoring function definition attempt", 
from_file);
+                 should_jump_to_top_level = 0;
+                 last_result = last_command_exit_value = EX_BADUSAGE;
+                 break;
+               }
+ 
              bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
              begin_unwind_frame ("pe_dispose");
***************
*** 279,282 ****
--- 287,293 ----
              dispose_fd_bitmap (bitmap);
              discard_unwind_frame ("pe_dispose");
+ 
+             if (flags & SEVAL_ONECMD)
+               break;
            }
        }
*** ../bash-3.1.17/variables.c  2006-03-10 16:56:29.000000000 -0500
--- variables.c 2014-09-16 22:00:02.000000000 -0400
***************
*** 311,320 ****
          strcpy (temp_string + char_index + 1, string);
  
!         parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
! 
!         /* Ancient backwards compatibility.  Old versions of bash exported
!            functions like name()=() {...} */
!         if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
!           name[char_index - 2] = '\0';
  
          if (temp_var = find_function (name))
--- 311,318 ----
          strcpy (temp_string + char_index + 1, string);
  
!         /* Don't import function names that are invalid identifiers from the
!            environment. */
!         if (legal_identifier (name))
!           parse_and_execute (temp_string, name, 
SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
  
          if (temp_var = find_function (name))
***************
*** 325,332 ****
          else
            report_error (_("error importing function definition for `%s'"), 
name);
- 
-         /* ( */
-         if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
-           name[char_index - 2] = '(';         /* ) */
        }
  #if defined (ARRAY_VARS)
--- 323,326 ----

Reply via email to