Bash-4.3 Official Patch 28

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release:   4.3
Patch-ID:   bash43-028

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch (apply with `patch -p0'):

*** ../bash-4.3-patched/parse.y 2014-09-25 23:02:35.0 -0400
--- parse.y 2014-09-29 16:47:03.0 -0400
***
*** 169,172 
--- 169,175 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
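Review bot: The `mk_alexpansion` prototype added next to `push_heredoc` is not referenced by any other hunk shown in this patch, so it appears to be an unrelated cleanup bundled into a security fix. Limiting the patch to the `push_heredoc` declaration would make it easier to audit and backport. If the prototype is needed for the build, a short comment saying so would help. The same hunk recurs in the other release patches on this page.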
***
*** 266,270 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 269,275 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
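Review bot: `HEREDOC_MAX` is introduced without a comment, although it is now a hard limit rather than just an array size: the `push_heredoc` definition shown in the older-release patches on this page calls `exit_shell` once `need_here_doc` reaches it. I would add a comment above the `#define`, e.g. `/* Maximum here-documents pending on one command; push_heredoc treats more as a fatal syntax error. */`. `need_here_doc` also remains a non-static `int` used as the index, so the bound holds only if every writer keeps it within `0..HEREDOC_MAX`; writers outside this patch are not visible here. The same applies to the matching hunk in each of the other release patches on this page.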
***
*** 308,312 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 313,317 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
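Review bot: Widening `word_lineno` to `MAX_CASE_NEST+1` fixes the overflow only if the code that advances `word_top` stops at `MAX_CASE_NEST`; that code is outside the hunk, so the reason for the extra slot cannot be checked from here. A comment on the declaration would record the invariant, e.g. `/* +1: word_top is allowed to reach MAX_CASE_NEST */`. An explicit bound test where `word_lineno[word_top]` is stored would be more robust than relying on the array size. The same hunk recurs in the other release patches on this page that carry a `word_lineno` change.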
***
*** 521,525 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 526,530 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
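Review bot: The bound added by this patch holds only if every store into `redir_stack` goes through `push_heredoc`. This hunk and the following here-document rules convert the stores the patch touches, but any remaining `redir_stack[need_here_doc++] = ...` elsewhere in parse.y would still be unchecked. A search of the patched file for direct writes to `redir_stack` would confirm none is left. The grammar action containing this line starts above the hunk.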
***
*** 528,532 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD LESS_LESS WORD
--- 533,537 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD LESS_LESS WORD
***
*** 535,539 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_MINUS WORD
--- 540,544 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! push_heredoc ($$);
}
|   LESS_LESS_MINUS WORD
***
*** 542,546 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 547,551 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 549,553 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
--- 554,558 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
***
*** 556,560 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 561,565 
  

Bash-4.2 Official Patch 51

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release:   4.2
Patch-ID:   bash42-051

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch (apply with `patch -p0'):

*** ../bash-4.2.50/parse.y  2014-09-27 12:18:53.0 -0400
--- parse.y 2014-09-30 19:24:19.0 -0400
***
*** 168,171 
--- 168,174 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 265,269 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 268,274 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 307,311 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 312,316 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
***
*** 520,524 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 525,529 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 527,531 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD LESS_LESS WORD
--- 532,536 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD LESS_LESS WORD
***
*** 534,538 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_MINUS WORD
--- 539,543 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! push_heredoc ($$);
}
|   LESS_LESS_MINUS WORD
***
*** 541,545 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 546,550 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 548,552 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
--- 553,557 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
***
*** 555,559 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 560,564 
  

Bash-4.1 Official Patch 15

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release:   4.1
Patch-ID:   bash41-015

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch (apply with `patch -p0'):

*** ../bash-4.1.14/parse.y  2014-09-27 12:18:25.0 -0400
--- parse.y 2014-09-30 19:36:03.0 -0400
***
*** 168,171 
--- 168,174 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 262,266 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 265,271 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 304,308 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 309,313 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
***
*** 517,521 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 522,526 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 524,528 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD LESS_LESS WORD
--- 529,533 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD LESS_LESS WORD
***
*** 531,535 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_MINUS WORD
--- 536,540 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! push_heredoc ($$);
}
|   LESS_LESS_MINUS WORD
***
*** 538,542 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 543,547 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 545,549 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
--- 550,554 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
***
*** 552,556 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 557,561 
  

Bash-3.1 Official Patch 21

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release: 3.1
Patch-ID: bash31-021

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch:

*** ../bash-3.1.20/parse.y  2014-09-27 12:16:39.0 -0400
--- parse.y 2014-09-30 19:49:41.0 -0400
***
*** 167,170 
--- 167,173 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 259,263 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 262,268 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 285,289 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 290,294 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
***
*** 430,434 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 435,439 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 436,440 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 441,445 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! push_heredoc ($$);
}
|   LESS_LESS_LESS WORD
***
*** 493,497 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 498,502 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 500,504 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   GREATER_AND '-'
--- 505,509 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   GREATER_AND '-'
***
*** 2211,2214 
--- 2216,2234 
  static int esacs_needed_count;
  
+ static void
+ push_heredoc (r)
+  REDIRECT *r;
+ {
+   if (need_here_doc >= HEREDOC_MAX)
+ {
+   last_command_exit_value = EX_BADUSAGE;
+   need_here_doc = 0;
+   report_syntax_error (_("maximum here-document count exceeded"));
+   reset_parser ();
+   exit_shell (last_command_exit_value);
+ }
+   redir_stack[need_here_doc++] = r;
+ }
+ 
  void
  gather_here_documents ()
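Review bot: `push_heredoc` has no header comment, and its overflow path is not an ordinary recoverable syntax error: it calls `exit_shell`, which by its name ends the shell process, with `EX_BADUSAGE` as the status. I would document that above the definition, e.g. `/* Queue R on redir_stack; if HEREDOC_MAX are already pending, report a syntax error and exit the shell. */`. The final store stays in bounds even if `exit_shell` were to return, because `need_here_doc` is reset to 0 first, but a comment that `exit_shell` is not expected to return would make the fall-through intent explicit. `gather_here_documents`, which follows, continues outside the hunk. The same definition is added in the 3.2, 4.0, 3.0 and 2.05b patches on this page.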
*** ../bash-3.1/patchlevel.hWed Jul 20 13:58:20 2005
--- patchlevel.hWed Dec  7 13:48:42 2005
***
*** 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 20
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 21
  
  #endif /* _PATCHLEVEL_H_ */

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/



Bash-3.2 Official Patch 55

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release: 3.2
Patch-ID: bash32-055

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch:

*** ../bash-3.2.54/parse.y  2014-09-27 12:17:16.0 -0400
--- parse.y 2014-09-30 19:43:22.0 -0400
***
*** 166,169 
--- 166,172 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 254,258 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 257,263 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 280,284 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 285,289 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
***
*** 425,429 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 430,434 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 431,435 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 436,440 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! push_heredoc ($$);
}
|   LESS_LESS_LESS WORD
***
*** 488,492 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 493,497 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 495,499 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   GREATER_AND '-'
--- 500,504 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   GREATER_AND '-'
***
*** 2214,2217 
--- 2219,2237 
  static int esacs_needed_count;
  
+ static void
+ push_heredoc (r)
+  REDIRECT *r;
+ {
+   if (need_here_doc >= HEREDOC_MAX)
+ {
+   last_command_exit_value = EX_BADUSAGE;
+   need_here_doc = 0;
+   report_syntax_error (_("maximum here-document count exceeded"));
+   reset_parser ();
+   exit_shell (last_command_exit_value);
+ }
+   redir_stack[need_here_doc++] = r;
+ }
+ 
  void
  gather_here_documents ()
*** ../bash-3.2/patchlevel.hThu Apr 13 08:31:04 2006
--- patchlevel.hMon Oct 16 14:22:54 2006
***
*** 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 54
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 55
  
  #endif /* _PATCHLEVEL_H_ */

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/



Bash-4.0 Official Patch 42

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release: 4.0
Patch-ID: bash40-042

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch:

*** ../bash-4.0.41/parse.y  2014-09-27 12:17:56.0 -0400
--- parse.y 2014-09-30 19:41:09.0 -0400
***
*** 167,170 
--- 167,173 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 262,266 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 265,271 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 301,305 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 306,310 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
***
*** 452,456 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 457,461 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 458,462 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 463,467 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! push_heredoc ($$);
}
|   LESS_LESS_LESS WORD
***
*** 515,519 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 520,524 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 522,526 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   GREATER_AND '-'
--- 527,531 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   GREATER_AND '-'
***
*** 2377,2380 
--- 2382,2400 
  static int esacs_needed_count;
  
+ static void
+ push_heredoc (r)
+  REDIRECT *r;
+ {
+   if (need_here_doc >= HEREDOC_MAX)
+ {
+   last_command_exit_value = EX_BADUSAGE;
+   need_here_doc = 0;
+   report_syntax_error (_("maximum here-document count exceeded"));
+   reset_parser ();
+   exit_shell (last_command_exit_value);
+ }
+   redir_stack[need_here_doc++] = r;
+ }
+ 
  void
  gather_here_documents ()
*** ../bash-4.0/patchlevel.h2009-01-04 14:32:40.0 -0500
--- patchlevel.h2009-02-22 16:11:31.0 -0500
***
*** 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 41
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 42
  
  #endif /* _PATCHLEVEL_H_ */

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/

Bash-3.0 Official Patch 20

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release: 3.0
Patch-ID: bash30-020

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch:

*** ../bash-3.0.19/parse.y  2014-09-27 12:16:05.0 -0400
--- parse.y 2014-09-30 19:53:28.0 -0400
***
*** 166,169 
--- 166,172 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 258,262 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 261,267 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 284,288 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 289,293 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
***
*** 429,433 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 434,438 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 435,439 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 440,444 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! push_heredoc ($$);
}
|   LESS_LESS_LESS WORD
***
*** 492,496 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 497,501 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 499,503 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   GREATER_AND '-'
--- 504,508 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   GREATER_AND '-'
***
*** 2194,2197 
--- 2199,2217 
  static int esacs_needed_count;
  
+ static void
+ push_heredoc (r)
+  REDIRECT *r;
+ {
+   if (need_here_doc >= HEREDOC_MAX)
+ {
+   last_command_exit_value = EX_BADUSAGE;
+   need_here_doc = 0;
+   report_syntax_error (_("maximum here-document count exceeded"));
+   reset_parser ();
+   exit_shell (last_command_exit_value);
+ }
+   redir_stack[need_here_doc++] = r;
+ }
+ 
  void
  gather_here_documents ()

*** ../bash-3.0/patchlevel.hWed Aug 22 08:05:39 2001
--- patchlevel.hThu Sep  2 15:04:32 2004
***
*** 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 19
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 
 looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 20
  
  #endif /* _PATCHLEVEL_H_ */

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/



Bash-2.05b Official Patch 11

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release: 2.05b
Patch-ID: bash205b-011

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch:

*** ../bash-2.05b.10/parse.y2014-09-25 16:46:51.0 -0400
--- parse.y 2014-09-30 19:58:09.0 -0400
***
*** 162,165 
--- 162,168 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 249,253 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 252,258 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 405,409 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 410,414 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 411,415 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 416,420 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! push_heredoc ($$);
}
|   LESS_LESS_LESS WORD
***
*** 468,472 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 473,477 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 475,479 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   GREATER_AND '-'
--- 480,484 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   GREATER_AND '-'
***
*** 2090,2093 
--- 2095,2113 
  static int esacs_needed_count;
  
+ static void
+ push_heredoc (r)
+  REDIRECT *r;
+ {
+   if (need_here_doc >= HEREDOC_MAX)
+ {
+   last_command_exit_value = EX_BADUSAGE;
+   need_here_doc = 0;
+   report_syntax_error (_("maximum here-document count exceeded"));
+   reset_parser ();
+   exit_shell (last_command_exit_value);
+ }
+   redir_stack[need_here_doc++] = r;
+ }
+ 
  void
  gather_here_documents ()

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/



Problem with bash-4.3.28 patch

2014-10-01 Thread Chet Ramey
I am looking at a problem with the bash43-028 patch.  It applied cleanly to
the source tree I generated it against, but the line numbers in the y.tab.c
chunk aren't identical and cause the chunks that only differ in line
numbers to fail.

I will re-roll and redistribute the patch.  If you happen to apply it
before I do, just ignore the y.tab.c failures and regenerate it from
parse.y using bison.  If you don't have bison, I will have an updated
patch out this afternoon at the latest.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/



Patch bash43-028 doesn't apply

2014-10-01 Thread Adam Sampson
Hi bug-bash,

The patch bash43-028 on ftp.gnu.org doesn't apply. It has a load of
hunks with yacc filenames in:

! #line 324 "/usr/src/local/bash/bash-4.3-patched/parse.y"

But the filename in the upstream source is different, so that doesn't
match.

Thanks,

-- 
Adam Sampson  



Re: Patch bash43-028 doesn't apply

2014-10-01 Thread Eric Blake
On 10/01/2014 09:31 AM, Adam Sampson wrote:
> Hi bug-bash,
> 
> The patch bash43-028 on ftp.gnu.org doesn't apply. It has a load of
> hunks with yacc filenames in:
> 
> ! #line 324 "/usr/src/local/bash/bash-4.3-patched/parse.y"
> 
> But the filename in the upstream source is different, so that doesn't
> match.

Known issue:

https://lists.gnu.org/archive/html/bug-bash/2014-10/msg8.html

has advice on how to proceed if you are too impatient to wait for the
pending respin of the patch.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[REISSUE] Bash-4.3 Official Patch 28

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release:   4.3
Patch-ID:   bash43-028

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch (apply with `patch -p0'):

*** ../bash-4.3-patched/parse.y 2014-09-25 23:02:35.0 -0400
--- parse.y 2014-09-29 16:47:03.0 -0400
***
*** 169,172 
--- 169,175 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 266,270 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 269,275 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
***
*** 308,312 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST];
  static int word_top = -1;
  
--- 313,317 
 index is decremented after a case, select, or for command is parsed. */
  #define MAX_CASE_NEST 128
! static int word_lineno[MAX_CASE_NEST+1];
  static int word_top = -1;
  
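Review bot: The nested-loop overflow is handled in this hunk only by growing `word_lineno` to `MAX_CASE_NEST+1`; no bounds check is added, and the code that advances `word_top` lies outside the hunk. The new size is sufficient only if every increment site stops at `word_top == MAX_CASE_NEST`, so that index 128 is the highest one written; that should be confirmed against the `case`/`select`/`for` handling. I would record the invariant next to the declaration, e.g. `/* One extra slot: word_top may reach MAX_CASE_NEST. */`, so that a later change to the macro or to the increment logic does not reopen the off-by-one.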
***
*** 521,525 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 526,530 
  redir.filename = $2;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 528,532 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD LESS_LESS WORD
--- 533,537 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD LESS_LESS WORD
***
*** 535,539 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_MINUS WORD
--- 540,544 
  redir.filename = $3;
  $$ = make_redirection (source, r_reading_until, 
redir, REDIR_VARASSIGN);
! push_heredoc ($$);
}
|   LESS_LESS_MINUS WORD
***
*** 542,546 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 547,551 
  redir.filename = $2;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 549,553 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! redir_stack[need_here_doc++] = $$;
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
--- 554,558 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, 0);
! push_heredoc ($$);
}
|   REDIR_WORD  LESS_LESS_MINUS WORD
***
*** 556,560 
  redir.filename = $3;
  $$ = make_redirection (source, 
r_deblank_reading_until, redir, REDIR_VARASSIGN);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 561,565 
  

[REISSUE] Bash-2.05b Official Patch 11

2014-10-01 Thread Chet Ramey
 BASH PATCH REPORT
 =

Bash-Release: 2.05b
Patch-ID: bash205b-011

Bug-Reported-by:Florian Weimer 
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

There are two local buffer overflows in parse.y that can cause the shell
to dump core when given many here-documents attached to a single command
or many nested loops.

Patch:

*** ../bash-2.05b.10/parse.y2014-09-25 16:46:51.0 -0400
--- parse.y 2014-09-30 20:11:38.0 -0400
***
*** 162,165 
--- 162,168 
  static int reserved_word_acceptable __P((int));
  static int yylex __P((void));
+ 
+ static void push_heredoc __P((REDIRECT *));
+ static char *mk_alexpansion __P((char *));
  static int alias_expand_token __P((char *));
  static int time_command_acceptable __P((void));
***
*** 249,253 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! static REDIRECT *redir_stack[10];
  int need_here_doc;
  
--- 252,258 
  /* Variables to manage the task of reading here documents, because we need to
 defer the reading until after a complete command has been collected. */
! #define HEREDOC_MAX 16
! 
! static REDIRECT *redir_stack[HEREDOC_MAX];
  int need_here_doc;
  
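Review bot: No hunk in this 2.05b patch touches `word_lineno`, although the report describes two overflows and the 4.3 patch for the same report resizes that array to `MAX_CASE_NEST+1`. Only the `redir_stack` side is addressed here, through `HEREDOC_MAX` and `push_heredoc`. If 2.05b's parse.y declares `word_lineno[MAX_CASE_NEST]` and indexes it the same way as 4.3 (not visible on this page), the nested-loop case would remain open in this release. It is worth checking the 2.05b source and either adding the matching hunk or stating that this version is not affected.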
***
*** 405,409 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS WORD
--- 410,414 
  redir.filename = $2;
  $$ = make_redirection (0, r_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS WORD
***
*** 411,415 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   LESS_LESS_LESS WORD
--- 416,420 
  redir.filename = $3;
  $$ = make_redirection ($1, r_reading_until, redir);
! push_heredoc ($$);
}
|   LESS_LESS_LESS WORD
***
*** 468,472 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   NUMBER LESS_LESS_MINUS WORD
--- 473,477 
  $$ = make_redirection
(0, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   NUMBER LESS_LESS_MINUS WORD
***
*** 475,479 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! redir_stack[need_here_doc++] = $$;
}
|   GREATER_AND '-'
--- 480,484 
  $$ = make_redirection
($1, r_deblank_reading_until, redir);
! push_heredoc ($$);
}
|   GREATER_AND '-'
***
*** 2090,2093 
--- 2095,2113 
  static int esacs_needed_count;
  
+ static void
+ push_heredoc (r)
+  REDIRECT *r;
+ {
+   if (need_here_doc >= HEREDOC_MAX)
+ {
+   last_command_exit_value = EX_BADUSAGE;
+   need_here_doc = 0;
+   report_syntax_error ("maximum here-document count exceeded");
+   reset_parser ();
+   exit_shell (last_command_exit_value);
+ }
+   redir_stack[need_here_doc++] = r;
+ }
+ 
  void
  gather_here_documents ()
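Review bot: `push_heredoc` is added without a comment, and its contract is not obvious from the call sites: when `need_here_doc` has already reached `HEREDOC_MAX` it reports a syntax error and calls `exit_shell`, so the whole shell terminates rather than only the offending command being rejected. A header such as `/* Save R on redir_stack; exits the shell with EX_BADUSAGE if HEREDOC_MAX here-documents are already pending. */` would state that for anyone adding a new here-document production. The `reset_parser ()` call directly before `exit_shell` looks redundant if `exit_shell` never returns, which this hunk does not show. `gather_here_documents` begins on the hunk's last lines and continues outside it.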

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRUc...@case.eduhttp://cnswww.cns.cwru.edu/~chet/