| blob | f68c7ab476c5bd5790098f36cb738cb774e476e6 |
1 BASH PATCH REPORT
2 =================
4 Bash-Release: 4.4
5 Patch-ID: bash44-006
7 Bug-Reported-by: <fernando@null-life.com>
8 Bug-Reference-ID: <CAEr-gPFPvqheiAeENmMkEwWRd4U=1iqCsYmR3sLdULOqL++_tQ@mail.gmail.com>
9 Bug-Reference-URL:
11 Bug-Description:
13 Out-of-range negative offsets to popd can cause the shell to crash attempting
14 to free an invalid memory block.
16 Patch (apply with `patch -p0'):
18 *** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500
19 --- builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400
20 ***************
21 *** 366,370 ****
22 }
24 ! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
25 {
26 pushd_error (directory_list_offset, which_word ? which_word : "");
27 --- 366,370 ----
28 }
30 ! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
31 {
32 pushd_error (directory_list_offset, which_word ? which_word : "");
33 ***************
34 *** 388,391 ****
35 --- 388,396 ----
36 of the list into place. */
37 i = (direction == '+') ? directory_list_offset - which : which;
38 + if (i < 0 || i > directory_list_offset)
39 + {
40 + pushd_error (directory_list_offset, which_word ? which_word : "");
41 + return (EXECUTION_FAILURE);
42 + }
43 free (pushd_directory_list[i]);
44 directory_list_offset--;
45 *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
46 --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400
47 ***************
48 *** 26,30 ****
49 looks for to find the patch level (for the sccs version string). */
51 ! #define PATCHLEVEL 5
53 #endif /* _PATCHLEVEL_H_ */
54 --- 26,30 ----
55 looks for to find the patch level (for the sccs version string). */
57 ! #define PATCHLEVEL 6
59 #endif /* _PATCHLEVEL_H_ */