bash: Fix CVE-2014-7169

Submitted by Khem Raj on Sept. 26, 2014, 8:20 p.m. | Patch ID: 80977

Details

Message ID 1411762854-16452-1-git-send-email-raj.khem@gmail.com
State New
Headers show

Commit Message

Khem Raj Sept. 26, 2014, 8:20 p.m.
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment

Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-extended/bash/bash-3.2.48/shellshock1.patch | 16 ++++++++++++++++
 meta/recipes-extended/bash/bash/shellshock1.patch        | 16 ++++++++++++++++
 meta/recipes-extended/bash/bash_3.2.48.bb                |  1 +
 meta/recipes-extended/bash/bash_4.3.bb                   |  1 +
 4 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-extended/bash/bash-3.2.48/shellshock1.patch
 create mode 100644 meta/recipes-extended/bash/bash/shellshock1.patch

Patch hide | download patch | download mbox

diff --git a/meta/recipes-extended/bash/bash-3.2.48/shellshock1.patch b/meta/recipes-extended/bash/bash-3.2.48/shellshock1.patch
new file mode 100644
index 0000000..2e734de
--- /dev/null
+++ b/meta/recipes-extended/bash/bash-3.2.48/shellshock1.patch
@@ -0,0 +1,16 @@ 
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-3.2.48/parse.y
+===================================================================
+--- bash-3.2.48.orig/parse.y	2008-04-29 18:24:55.000000000 -0700
++++ bash-3.2.48/parse.y	2014-09-26 13:07:31.956080056 -0700
+@@ -2503,6 +2503,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   last_read_token = '\n';
+   token_to_read = '\n';
+ }
diff --git a/meta/recipes-extended/bash/bash/shellshock1.patch b/meta/recipes-extended/bash/bash/shellshock1.patch
new file mode 100644
index 0000000..3c69121
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/shellshock1.patch
@@ -0,0 +1,16 @@ 
+Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
+
+Upstream-Status: Backport
+Index: bash-4.3/parse.y
+===================================================================
+--- bash-4.3.orig/parse.y	2014-09-26 13:10:44.340080056 -0700
++++ bash-4.3/parse.y	2014-09-26 13:11:44.764080056 -0700
+@@ -2953,6 +2953,8 @@
+   FREE (word_desc_to_read);
+   word_desc_to_read = (WORD_DESC *)NULL;
+ 
++  eol_ungetc_lookahead = 0;
++
+   current_token = '\n';		/* XXX */
+   last_read_token = '\n';
+   token_to_read = '\n';
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb
index 07c6540..5fafdcd 100644
--- a/meta/recipes-extended/bash/bash_3.2.48.bb
+++ b/meta/recipes-extended/bash/bash_3.2.48.bb
@@ -13,6 +13,7 @@  SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
            file://build-tests.patch \
            file://test-output.patch \
            file://shellshock.patch \
+           file://shellshock1.patch \
            file://run-ptest \
           "
 
diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb
index a01fcf1..7b134f8 100644
--- a/meta/recipes-extended/bash/bash_4.3.bb
+++ b/meta/recipes-extended/bash/bash_4.3.bb
@@ -10,6 +10,7 @@  SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
            file://build-tests.patch \
            file://test-output.patch \
            file://shellshock.patch \
+           file://shellshock1.patch \
            file://run-ptest \
            "