Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Sun, 6 Sep 1998 00:59:05 +0200
From: Wichert Akkerman <wichert@WIGGY.ML.ORG>
To: BUGTRAQ@netspace.org
Subject: Re: Buffer overflow in bash 1.14.7(1)

--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii


Some further looking revealed bash segfaulted on doing a strlen on
the length of the cwd, after getcwd() returned NULL since the cwd
was too long.

This patch fixes that by setting PWD to "." if the cwd is too long.

Wichert.

diff -ru org/bash-2.01.1/builtins/cd.def bash-2.01.1/builtins/cd.def
--- org/bash-2.01.1/builtins/cd.def     Fri Apr 11 18:55:47 1997
+++ bash-2.01.1/builtins/cd.def Sun Sep  6 00:53:16 1998
@@ -146,11 +146,19 @@
      needing a remake. */
   if (old_anm == 0 && array_needs_making && exported_p (tvar))
     {
-      pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */
-      strcpy (pwdvar, "PWD=");
-      strcpy (pwdvar + 4, dirname);
-      add_or_supercede_exported_var (pwdvar, 0);
-      array_needs_making = 0;
+      if (dirname!=0)
+        {
+          pwdvar = xmalloc (strlen (dirname) + 5);     /* 5 = "PWD" + '=' + '\0' */
+          strcpy (pwdvar, "PWD=");
+          strcpy (pwdvar + 4, dirname);
+        }
+      else
+        {
+          pwdvar=xmalloc (6);
+          strcpy (pwdvar, "PWD=.");
+        }
+        add_or_supercede_exported_var (pwdvar, 0);
+        array_needs_making = 0;
     }

   FREE (dirname);



--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQB1AwUBNfHCOajZR/ntlUftAQHuWQL/alQLr5eccdzCys0PDPlHdgRbqEpQ1wbV
/UMVIRI+uIfxMwogpX+n32zjTSkXNqRJkdfyAcPfJC44nktp8MfaALzm8koh93+C
DSktbWMtdS84/97TE0eGF9Qq6Ywti1dV
=Yrtt
-----END PGP SIGNATURE-----

--k+w/mQv8wyuph6w0--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: