buildroot
Public
Source
committed 4a37f3316ccFrom http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-035Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> BASH PATCH REPORT =================Bash-Release: 4.3Patch-ID: bash43-035Bug-Reported-by: <romerox.adrian@gmail.com>Bug-Reference-ID: <CABV5r3zhPXmSKUe9uedeGc5YFBM2njJ1iVmY2h5neWdQpDBQug@mail.gmail.com>Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-08/msg00045.htmlBug-Description:A locale with a long name can trigger a buffer overflow and core dump. Thisapplies on systems that do not have locale_charset in libc, are not usingGNU libiconv, and are not using the libintl that ships with bash in lib/intl.Patch (apply with `patch -p0'):*** a/bash-4.3-patched/lib/sh/unicode.c 2014-01-30 16:47:19.000000000 -0500--- b/lib/sh/unicode.c 2015-05-01 08:58:30.000000000 -0400****************** 79,83 **** if (s) {! strcpy (charsetbuf, s+1); t = strchr (charsetbuf, '@'); if (t)--- 79,84 ---- if (s) {! strncpy (charsetbuf, s+1, sizeof (charsetbuf) - 1);! charsetbuf[sizeof (charsetbuf) - 1] = '\0'; t = strchr (charsetbuf, '@'); if (t)****************** 85,89 **** return charsetbuf; }! strcpy (charsetbuf, locale); return charsetbuf; }--- 86,91 ---- return charsetbuf; }! strncpy (charsetbuf, locale, sizeof (charsetbuf) - 1);! charsetbuf[sizeof (charsetbuf) - 1] = '\0'; return charsetbuf; }*** a/bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500--- b/patchlevel.h 2014-03-20 20:01:28.000000000 -0400****************** 26,30 **** looks for to find the patch level (for the sccs version string). */! #define PATCHLEVEL 34 #endif /* _PATCHLEVEL_H_ */--- 26,30 ---- looks for to find the patch level (for the sccs version string). */