On 4/30/15 4:59 PM, Chet Ramey wrote:
>> Fix:
>> Use strncpy() in place of strcpy() in lib/sh/unicode.c:
>>
>> --- /tmp/bash-4.3.30/lib/sh/unicode.c 2014-01-30 21:47:19.0 +
>> +++ ./bash-4.3.30/lib/sh/unicode.c 2015-04-30 18:03:42.300340729 +
>> @@ -78,7 +78,8 @@
>>s =
On 4/30/15 2:13 PM, Trammell Hudson wrote:
> Bash Version: 4.3
> Patch Level: 30
> Release Status: release
>
> Description:
> Overly long LC_ALL or LC_CTYPE variables can cause a buffer overflow
> in converting 32-bit unicode characters. The stub_charset() function
> calls strcpy() into a static
2015-04-30 18:13:48 +, Trammell Hudson:
[...]
> Overly long LC_ALL or LC_CTYPE variables can cause a buffer overflow
> in converting 32-bit unicode characters. The stub_charset() function
> calls strcpy() into a static 40-byte buffer for the charset, which
> can be overflowed if the charset po
