Buffer overflow in bash 1.14.7(1)
Date: Sun, 6 Sep 1998 00:59:05 +0200
From: Wichert Akkerman <[email protected]>
To: [email protected]
Subject: Re: Buffer overflow in bash 1.14.7(1)
Some further looking revealed bash segfaulted on doing a strlen on
the length of the cwd, after getcwd() returned NULL since the cwd
was too long.
This patch fixes that by setting PWD to "." if the cwd is too long.
Wichert.
diff -ru org/bash-2.01.1/builtins/cd.def bash-2.01.1/builtins/cd.def
--- org/bash-2.01.1/builtins/cd.def Fri Apr 11 18:55:47 1997
+++ bash-2.01.1/builtins/cd.def Sun Sep 6 00:53:16 1998
@@ -146,11 +146,19 @@
needing a remake. */
if (old_anm == 0 && array_needs_making && exported_p (tvar))
{
- pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */
- strcpy (pwdvar, "PWD=");
- strcpy (pwdvar + 4, dirname);
- add_or_supercede_exported_var (pwdvar, 0);
- array_needs_making = 0;
+ if (dirname!=0)
+ {
+ pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */
+ strcpy (pwdvar, "PWD=");
+ strcpy (pwdvar + 4, dirname);
+ }
+ else
+ {
+ pwdvar=xmalloc (6);
+ strcpy (pwdvar, "PWD=.");
+ }
+ add_or_supercede_exported_var (pwdvar, 0);
+ array_needs_making = 0;
}
FREE (dirname);
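Review bot: In the else branch, `pwdvar=xmalloc (6);` sizes the buffer with an unexplained literal, while the branch above documents its `+ 5`; writing `xmalloc (sizeof ("PWD=."))` or adding the matching comment keeps the size tied to the string. `if (dirname!=0)` and `pwdvar=xmalloc` also drop the spaces around operators that the surrounding code uses (`old_anm == 0`). Two things to confirm outside the visible lines: that the `FREE (dirname)` following the block tolerates a null dirname, and that nothing earlier in the function uses dirname before this check. The fallback exports the relative value `PWD=.`, so child processes no longer receive an absolute path in PWD; a comment at the fallback should say that this is intentional.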
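The failure mode described in the message, as an added example that is not part of the original post or of bash: getcwd() returns NULL, and the code building the PWD string has to tolerate that. The helper names `make_pwd_env` and `cwd_with_limit` are hypothetical, and a deliberately tiny buffer stands in for a cwd that is too long.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not bash code): build the "PWD=<dir>" environment
   string, tolerating the NULL that getcwd() returns on failure. */
char *make_pwd_env(const char *dirname)
{
    const char *dir = dirname ? dirname : ".";  /* same fallback as the patch */
    size_t len = strlen(dir);                   /* never called on NULL */
    char *env = malloc(len + sizeof("PWD="));   /* sizeof counts the '\0' */
    if (env == NULL)
        return NULL;
    memcpy(env, "PWD=", 4);
    memcpy(env + 4, dir, len + 1);              /* copies the terminator too */
    return env;
}

/* Fetch the cwd into a buffer of caller-chosen size. When the buffer cannot
   hold the path, getcwd() returns NULL and sets errno to ERANGE.
   Returns a malloc'd string, or NULL with the errno value stored in *err. */
char *cwd_with_limit(size_t limit, int *err)
{
    char *buf = malloc(limit);
    if (buf == NULL) {
        *err = ENOMEM;
        return NULL;
    }
    errno = 0;
    if (getcwd(buf, limit) == NULL) {
        *err = errno;
        free(buf);
        return NULL;
    }
    *err = 0;
    return buf;
}

int main(void)
{
    int err;
    char *cwd = cwd_with_limit(1, &err);  /* constructed case: 1 byte cannot hold "/" */
    char *env = make_pwd_env(cwd);        /* cwd is NULL here */
    printf("getcwd errno=%d, exported %s\n", err, env ? env : "(alloc failed)");
    free(env);
    free(cwd);
    return 0;
}
```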