aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbdrewery <bdrewery@FreeBSD.org>2014-10-01 11:35:12 +0800
committerbdrewery <bdrewery@FreeBSD.org>2014-10-01 11:35:12 +0800
commit88bd061ef83b7ef04241de4d98b537f7db57e363 (patch)
tree421197f770977e056e141e94251c222e480a1893
parent349252814192f01ce79c85ea4bab63308bd5c7b7 (diff)
downloadfreebsd-ports-gnome-88bd061ef83b7ef04241de4d98b537f7db57e363.tar.gz
freebsd-ports-gnome-88bd061ef83b7ef04241de4d98b537f7db57e363.tar.zst
freebsd-ports-gnome-88bd061ef83b7ef04241de4d98b537f7db57e363.zip
Add RedHat's patch for CVE-2014-7186, commonly known as "redir_stack" overflow,
which has not been shown to be as critical as "shellshock" currently. Security: CVE-2014-7186
-rw-r--r--shells/bash/Makefile2
-rw-r--r--shells/bash/files/patch-parse.y86
2 files changed, 87 insertions, 1 deletions
diff --git a/shells/bash/Makefile b/shells/bash/Makefile
index ed5bf5575ec8..b067b598f9b7 100644
--- a/shells/bash/Makefile
+++ b/shells/bash/Makefile
@@ -4,7 +4,7 @@
PORTNAME= bash
PATCHLEVEL= 27
PORTVERSION= 4.3.${PATCHLEVEL:S/^0//g}
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= shells
MASTER_SITES= GNU
MASTER_SITE_SUBDIR= ${PORTNAME}
diff --git a/shells/bash/files/patch-parse.y b/shells/bash/files/patch-parse.y
new file mode 100644
index 000000000000..0c571ecc363a
--- /dev/null
+++ b/shells/bash/files/patch-parse.y
@@ -0,0 +1,86 @@
+From Florian Weimer at RedHat for CVE-2014-7186:
+http://www.openwall.com/lists/oss-security/2014/09/25/32
+
+--- parse.y.orig 2014-09-30 12:58:08.462512373 -0400
++++ parse.y 2014-09-30 12:58:08.629018000 -0400
+@@ -265,9 +265,21 @@
+
+ /* Variables to manage the task of reading here documents, because we need to
+ defer the reading until after a complete command has been collected. */
+-static REDIRECT *redir_stack[10];
++static REDIRECT **redir_stack;
+ int need_here_doc;
+
++/* Pushes REDIR onto redir_stack, resizing it as needed. */
++static void
++push_redir_stack (REDIRECT *redir)
++{
++ /* Guard against oveflow. */
++ if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack))
++ abort ();
++ redir_stack = xrealloc (redir_stack,
++ (need_here_doc + 1) * sizeof (*redir_stack));
++ redir_stack[need_here_doc++] = redir;
++}
++
+ /* Where shell input comes from. History expansion is performed on each
+ line when the shell is interactive. */
+ static char *shell_input_line = (char *)NULL;
+@@ -520,42 +532,42 @@
+ source.dest = 0;
+ redir.filename = $2;
+ $$ = make_redirection (source, r_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | NUMBER LESS_LESS WORD
+ {
+ source.dest = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | REDIR_WORD LESS_LESS WORD
+ {
+ source.filename = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | LESS_LESS_MINUS WORD
+ {
+ source.dest = 0;
+ redir.filename = $2;
+ $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | NUMBER LESS_LESS_MINUS WORD
+ {
+ source.dest = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | REDIR_WORD LESS_LESS_MINUS WORD
+ {
+ source.filename = $1;
+ redir.filename = $3;
+ $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+- redir_stack[need_here_doc++] = $$;
++ push_redir_stack ($$);
+ }
+ | LESS_LESS_LESS WORD
+ {
+@@ -4905,7 +4917,7 @@
+ case CASE:
+ case SELECT:
+ case FOR:
+- if (word_top < MAX_CASE_NEST)
++ if (word_top + 1 < MAX_CASE_NEST)
+ word_top++;
+ word_lineno[word_top] = line_number;
+ break;