rcolebaugh / rpms / bash

Forked from rpms/bash a year ago
Clone
Source Code
GIT

Blame SOURCES/bash-cve-2016-9401.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta c9s-sig-hyperscale
  1.   07a490a1768e53a1dde7445048dc097ac105de50
  2.   SOURCES
  3.   bash-cve-2016-9401.patch
Blob History Raw
07a490 
diff --git a/builtins/pushd.def b/builtins/pushd.def
07a490 
index 05b7529..4eb0132 100644
07a490 
--- a/builtins/pushd.def
07a490 
+++ b/builtins/pushd.def
07a490 
@@ -353,7 +353,7 @@ popd_builtin (list)
07a490 
 	break;
07a490 
     }
07a490
07a490 
-  if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
07a490 
+  if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
07a490 
     {
07a490 
       pushd_error (directory_list_offset, which_word ? which_word : "");
07a490 
       return (EXECUTION_FAILURE);
07a490 
@@ -375,6 +375,11 @@ popd_builtin (list)
07a490 
 	 remove that directory from the list and shift the remainder
07a490 
 	 of the list into place. */
07a490 
       i = (direction == '+') ? directory_list_offset - which : which;
07a490 
+      if (i < 0 || i > directory_list_offset)
07a490 
+	{
07a490 
+	  pushd_error (directory_list_offset, which_word ? which_word : "");
07a490 
+	  return (EXECUTION_FAILURE);
07a490 
+	}
07a490 
       free (pushd_directory_list[i]);
07a490 
       directory_list_offset--;
07a490
07a490 
--
07a490 
2.9.3
07a490

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation