Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc -I/home/abuild/rpmbuild/BUILD/bash-4.2 -L/home/abuild/rpmbuild/BUILD/bash-4.2/../readline-6.2
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-suse-linux-gnu' -DCONF_VENDOR='suse' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_GNU_SOURCE -DRECYCLES_PIDS -Wall -g -Wuninitialized -Wextra -Wno-unprototyped-calls -Wno-switch-enum -Wno-unused-variable -Wno-unused-parameter -ftree-loop-linear -pipe -DBNC382214=0 -fprofile-use
uname output: Linux noether 4.1.34-33-default #1 SMP PREEMPT Thu Oct 20 08:03:29 UTC 2016 (fe18aba) x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-suse-linux-gnu
Bash Version: 4.2.47, 4.3.48, 4.4.5
Release Status: release
OpenSUSE bug: 1010845
CVE: 2016-9401

Description:
popd controlled free (Segmentation fault) in all bash versions here around

Repeat-By:
bash -c 'popd --1'
bash -c 'popd +-1'
or any other negative signed number after the first sign

Fix:
*** builtins/pushd.def --- builtins/pushd.def Mon Nov 21 11:27:52 2016 *************** popd_builtin (list) *** 341,347 **** } else if (((direction = list->word->word[0]) == '+') || direction == '-') { ! if (legal_number (list->word->word + 1, &which) == 0) { sh_invalidnum (list->word->word); builtin_usage (); --- 341,347 ---- } else if (((direction = list->word->word[0]) == '+') || direction == '-') { ! if (legal_number (list->word->word + 1, &which) == 0 || all_digits(list->word->word + 1) == 0) { sh_invalidnum (list->word->word); builtin_usage ();
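
Review bot: The added `all_digits(list->word->word + 1) == 0` test in the popd_builtin condition guards on the shape of the string rather than on the parsed value; if a negative `which` is what leads to the crash, an explicit check of `which` after `legal_number` would state the invariant directly. The Repeat-By cases show `legal_number` accepting a signed value after the leading `+` or `-`, so at minimum a short comment saying that `all_digits` is there to reject a second sign would keep a later cleanup from dropping it as redundant. It is also worth checking whether any other place in builtins/pushd.def parses `word + 1` the same way and needs the same test. Style: the surrounding code writes `legal_number (` with a space before the parenthesis, so the new call should read `all_digits (`.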