polynomial-c 14/09/24 14:01:55 Added: bash-4.3-funcdef-import.patch bash-3.1-funcdef-import.patch Log: Security bump (bug #523592). Fixed environment handling command injection (CVE-2014-6271) (Portage version: 2.2.13/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
Revision Changes Path 1.1 app-shells/bash/files/bash-4.3-funcdef-import.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-4.3-funcdef-import.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-4.3-funcdef-import.patch?rev=1.1&content-type=text/plain Index: bash-4.3-funcdef-import.patch =================================================================== *** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000 -0400 --- builtins/common.h 2014-09-12 14:25:47.000000000 -0400 *************** *** 34,37 **** --- 49,54 ---- #define SEVAL_PARSEONLY 0x020 #define SEVAL_NOLONGJMP 0x040 + #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ + #define SEVAL_ONECMD 0x100 /* only allow a single command */ /* Flags for describe_command, shared between type.def and command.def */ *** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000 -0500 --- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400 *************** *** 309,312 **** --- 313,324 ---- struct fd_bitmap *bitmap; + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) + { + internal_warning ("%s: ignoring function definition attempt", from_file); + should_jump_to_top_level = 0; + last_result = last_command_exit_value = EX_BADUSAGE; + break; + } + bitmap = new_fd_bitmap (FD_BITMAP_SIZE); begin_unwind_frame ("pe_dispose"); *************** *** 369,372 **** --- 381,387 ---- dispose_fd_bitmap (bitmap); discard_unwind_frame ("pe_dispose"); + + if (flags & SEVAL_ONECMD) + break; } } *** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400 --- variables.c 2014-09-14 14:23:35.000000000 -0400 *************** *** 359,369 **** strcpy (temp_string + char_index + 1, string); ! if (posixly_correct == 0 || legal_identifier (name)) ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); ! ! /* Ancient backwards compatibility. Old versions of bash exported ! functions like name()=() {...} */ ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') ! name[char_index - 2] = '\0'; if (temp_var = find_function (name)) --- 364,372 ---- strcpy (temp_string + char_index + 1, string); ! /* Don't import function names that are invalid identifiers from the ! environment, though we still allow them to be defined as shell ! variables. */ ! if (legal_identifier (name)) ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); if (temp_var = find_function (name)) *************** *** 382,389 **** report_error (_("error importing function definition for `%s'"), name); } - - /* ( */ - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') - name[char_index - 2] = '('; /* ) */ } #if defined (ARRAY_VARS) --- 385,388 ---- *** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400 --- subst.c 2014-09-12 15:31:04.000000000 -0400 *************** *** 8048,8052 **** goto return0; } ! else if (var = find_variable_last_nameref (temp1)) { temp = nameref_cell (var); --- 8118,8124 ---- goto return0; } ! else if (var && (invisible_p (var) || var_isset (var) == 0)) ! temp = (char *)NULL; ! else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0) { temp = nameref_cell (var); 1.1 app-shells/bash/files/bash-3.1-funcdef-import.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-3.1-funcdef-import.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-shells/bash/files/bash-3.1-funcdef-import.patch?rev=1.1&content-type=text/plain Index: bash-3.1-funcdef-import.patch =================================================================== *** ../bash-3.1.17/builtins/common.h 2004-09-09 13:21:08.000000000 -0400 --- builtins/common.h 2014-09-16 22:00:02.000000000 -0400 *************** *** 34,37 **** --- 34,39 ---- /* Flags for describe_command, shared between type.def and command.def */ + #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ + #define SEVAL_ONECMD 0x100 /* only allow a single command */ #define CDESC_ALL 0x001 /* type -a */ #define CDESC_SHORTDESC 0x002 /* command -V */ *** ../bash-3.1.17/builtins/evalstring.c 2005-10-30 18:28:24.000000000 -0500 --- builtins/evalstring.c 2014-09-16 22:00:02.000000000 -0400 *************** *** 224,227 **** --- 224,235 ---- struct fd_bitmap *bitmap; + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) + { + internal_warning ("%s: ignoring function definition attempt", from_file); + should_jump_to_top_level = 0; + last_result = last_command_exit_value = EX_BADUSAGE; + break; + } + bitmap = new_fd_bitmap (FD_BITMAP_SIZE); begin_unwind_frame ("pe_dispose"); *************** *** 279,282 **** --- 287,293 ---- dispose_fd_bitmap (bitmap); discard_unwind_frame ("pe_dispose"); + + if (flags & SEVAL_ONECMD) + break; } } *** ../bash-3.1.17/variables.c 2006-03-10 16:56:29.000000000 -0500 --- variables.c 2014-09-16 22:00:02.000000000 -0400 *************** *** 311,320 **** strcpy (temp_string + char_index + 1, string); ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); ! ! /* Ancient backwards compatibility. Old versions of bash exported ! functions like name()=() {...} */ ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') ! name[char_index - 2] = '\0'; if (temp_var = find_function (name)) --- 311,318 ---- strcpy (temp_string + char_index + 1, string); ! /* Don't import function names that are invalid identifiers from the ! environment. */ ! if (legal_identifier (name)) ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); if (temp_var = find_function (name)) *************** *** 325,332 **** else report_error (_("error importing function definition for `%s'"), name); - - /* ( */ - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') - name[char_index - 2] = '('; /* ) */ } #if defined (ARRAY_VARS) --- 323,326 ----