nalika / rpms / bash

Forked from rpms/bash 2 years ago
Clone

Blame SOURCES/bash-4.3-cve-2016-0634.patch

a01f16
diff --git a/parse.y b/parse.y
a01f16
index 12d6def..d4a93a2 100644
a01f16
--- a/parse.y
a01f16
+++ b/parse.y
a01f16
@@ -5103,7 +5103,7 @@ decode_prompt_string (string)
a01f16
   size_t result_size;
a01f16
   int result_index;
a01f16
   int c, n, i;
a01f16
-  char *temp, octal_string[4];
a01f16
+  char *temp, *t_host, octal_string[4];
a01f16
   struct tm *tm;  
a01f16
   time_t the_time;
a01f16
   char timebuf[128];
a01f16
@@ -5251,7 +5251,11 @@ decode_prompt_string (string)
a01f16
 
a01f16
 	    case 's':
a01f16
 	      temp = base_pathname (shell_name);
a01f16
-	      temp = savestring (temp);
a01f16
+	      /* Try to quote anything the user can set in the file system */
a01f16
+	      if (promptvars || posixly_correct)
a01f16
+		temp = sh_backslash_quote_for_double_quotes (temp);
a01f16
+	      else
a01f16
+		temp = savestring (temp);
a01f16
 	      goto add_string;
a01f16
 
a01f16
 	    case 'v':
a01f16
@@ -5337,9 +5341,17 @@ decode_prompt_string (string)
a01f16
 
a01f16
 	    case 'h':
a01f16
 	    case 'H':
a01f16
-	      temp = savestring (current_host_name);
a01f16
-	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
a01f16
+	      t_host = savestring (current_host_name);
a01f16
+	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
a01f16
 		*t = '\0';
a01f16
+	      if (promptvars || posixly_correct)
a01f16
+		/* Make sure that expand_prompt_string is called with a
a01f16
+		   second argument of Q_DOUBLE_QUOTES if we use this
a01f16
+		   function here. */
a01f16
+		temp = sh_backslash_quote_for_double_quotes (t_host);
a01f16
+	      else
a01f16
+		temp = savestring (t_host);
a01f16
+	      free (t_host);
a01f16
 	      goto add_string;
a01f16
 
a01f16
 	    case '#':
a01f16
diff --git a/y.tab.c b/y.tab.c
a01f16
index 23b88bc..1c0f5a1 100644
a01f16
--- a/y.tab.c
a01f16
+++ b/y.tab.c
a01f16
@@ -7368,7 +7368,7 @@ decode_prompt_string (string)
a01f16
   size_t result_size;
a01f16
   int result_index;
a01f16
   int c, n, i;
a01f16
-  char *temp, octal_string[4];
a01f16
+  char *temp, *t_host, octal_string[4];
a01f16
   struct tm *tm;  
a01f16
   time_t the_time;
a01f16
   char timebuf[128];
a01f16
@@ -7513,7 +7513,11 @@ decode_prompt_string (string)
a01f16
 
a01f16
 	    case 's':
a01f16
 	      temp = base_pathname (shell_name);
a01f16
-	      temp = savestring (temp);
a01f16
+	      /* Try to quote anything the user can set in the file system */
a01f16
+	      if (promptvars || posixly_correct)
a01f16
+		temp = sh_backslash_quote_for_double_quotes (temp);
a01f16
+	      else
a01f16
+		temp = savestring (temp);
a01f16
 	      goto add_string;
a01f16
 
a01f16
 	    case 'v':
a01f16
@@ -7599,9 +7603,17 @@ decode_prompt_string (string)
a01f16
 
a01f16
 	    case 'h':
a01f16
 	    case 'H':
a01f16
-	      temp = savestring (current_host_name);
a01f16
-	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
a01f16
+	      t_host = savestring (current_host_name);
a01f16
+	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
a01f16
 		*t = '\0';
a01f16
+	      if (promptvars || posixly_correct)
a01f16
+		/* Make sure that expand_prompt_string is called with a
a01f16
+		   second argument of Q_DOUBLE_QUOTES if we use this
a01f16
+		   function here. */
a01f16
+		temp = sh_backslash_quote_for_double_quotes (t_host);
a01f16
+	      else
a01f16
+		temp = savestring (t_host);
a01f16
+	      free (t_host);
a01f16
 	      goto add_string;
a01f16
 
a01f16
 	    case '#':
a01f16
-- 
a01f16
2.9.3
a01f16