| BASH PATCH REPORT |
| ================= |
| |
| Bash-Release: 4.2 |
| Patch-ID: bash42-052 |
| |
| Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx> |
| Bug-Reference-ID: |
| Bug-Reference-URL: |
| |
| Bug-Description: |
| |
| When bash is parsing a function definition that contains a here-document |
| delimited by end-of-file (or end-of-string), it leaves the closing delimiter |
| uninitialized. This can result in an invalid memory access when the parsed |
| function is later copied. |
| |
| Patch (apply with `patch -p0'): |
| |
| *** ../bash-4.2.51/make_cmd.c 2009-09-11 17:26:12.000000000 -0400 |
| --- make_cmd.c 2014-10-02 11:26:58.000000000 -0400 |
| *************** |
| *** 690,693 **** |
| --- 690,694 ---- |
| temp->redirector = source; |
| temp->redirectee = dest_and_filename; |
| + temp->here_doc_eof = 0; |
| temp->instruction = instruction; |
| temp->flags = 0; |
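Review bot: the added `temp->here_doc_eof = 0;` carries no comment on why a null delimiter is a legal state, and from this point on every reader of `here_doc_eof` has to accept null. A one-line comment saying that a here-document ended by end-of-file or end-of-string never gets a delimiter assigned would help. The only guard visible in this patch is the copy in copy_cmd.c, so any other place that dereferences the field deserves the same check. Writing the value as a null pointer constant rather than a bare `0` would also make it obvious that the field is a pointer.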
| *** ../bash-4.2.51/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 |
| --- copy_cmd.c 2014-10-02 11:26:58.000000000 -0400 |
| *************** |
| *** 127,131 **** |
| case r_reading_until: |
| case r_deblank_reading_until: |
| ! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); |
| /*FALLTHROUGH*/ |
| case r_reading_string: |
| --- 127,131 ---- |
| case r_reading_until: |
| case r_deblank_reading_until: |
| ! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; |
| /*FALLTHROUGH*/ |
| case r_reading_string: |
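Review bot: the null test on the changed line under `case r_deblank_reading_until:` is only sound when `here_doc_eof` is either null or a valid string, which depends on the initialization added in the make_cmd.c hunk; it does nothing for a pointer that still holds garbage. A short comment stating that dependency would keep the two changes from drifting apart. The line also runs well past 80 columns, so an `if`/`else` or a wrapped conditional would read better. Note too that the copy now carries a null delimiter forward, so whatever consumes the copied redirect has to tolerate null as well.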