bash: Fix CVE-2014-7169
This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc) (From OE-Core rev: 1c8f43767c7d78872d38652ea808f30ea825bbef) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
86e38661a6
commit
e46f9d389a
|
@ -0,0 +1,16 @@
|
|||
Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
|
||||
|
||||
Upstream-Status: Backport
|
||||
Index: bash-3.2.48/parse.y
|
||||
===================================================================
|
||||
--- bash-3.2.48.orig/parse.y 2008-04-29 18:24:55.000000000 -0700
|
||||
+++ bash-3.2.48/parse.y 2014-09-26 13:07:31.956080056 -0700
|
||||
@@ -2503,6 +2503,8 @@
|
||||
FREE (word_desc_to_read);
|
||||
word_desc_to_read = (WORD_DESC *)NULL;
|
||||
|
||||
+ eol_ungetc_lookahead = 0;
|
||||
+
|
||||
last_read_token = '\n';
|
||||
token_to_read = '\n';
|
||||
}
|
|
@ -13,6 +13,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
|
|||
file://build-tests.patch \
|
||||
file://test-output.patch \
|
||||
file://cve-2014-6271.patch;striplevel=0 \
|
||||
file://cve-2014-7169.patch \
|
||||
file://run-ptest \
|
||||
"
|
||||
|
||||
|
|
Loading…
Reference in New Issue