On 11/26/16 12:51 AM, Mike Frysinger wrote: > On 21 Nov 2016 10:13, Chet Ramey wrote: >> On 11/21/16 6:47 AM, wer...@suse.de wrote: >>> Bash Version: 4.2.47, 4.3.48, 4.4.5 >>> Release Status: release >>> OpenSUSE bug: 1010845 >>> CVE: 2016-9401 >>> >>> Description: >>> popd controlled free (Segmentation fault) in all bash versions here >>> around >> >> This has been fixed for a couple of weeks in the devel branch. > > can you cut a patch ?
Sure. It's not a security problem; it just seg faults.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
*** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500
--- builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400
***************
*** 366,370 ****
}
! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
--- 366,370 ----
}
! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
***************
*** 388,391 ****
--- 388,396 ----
of the list into place. */
i = (direction == '+') ? directory_list_offset - which : which;
+ if (i < 0 || i > directory_list_offset)
+ {
+ pushd_error (directory_list_offset, which_word ? which_word : "");
+ return (EXECUTION_FAILURE);
+ }
free (pushd_directory_list[i]);
directory_list_offset--;
signature.asc
Description: OpenPGP digital signature
