[7894] in bugtraq
Re: Buffer overflow in bash 1.14.7(1)
daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Sat Sep 5 23:04:51 1998
Date: Sun, 6 Sep 1998 00:59:05 +0200
Reply-To: Wichert Akkerman <wichert@WIGGY.ML.ORG>
From: Wichert Akkerman <wichert@WIGGY.ML.ORG>
X-To: Joao Manuel Carolino <root@EINSTEIN.DHIS.EU.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980904151609.1385A-100000@einstein.dhis.eu.org>;
from Joao Manuel Carolino on Fri, Sep 04, 1998 at 04:09:28PM +0000
Some further looking revealed bash segfaulted on doing a strlen on
the length of the cwd, after getcwd() returned NULL since the cwd
was too long.
This patch fixes that by setting PWD to "." if the cwd is too long.
Wichert.
diff -ru org/bash-2.01.1/builtins/cd.def bash-2.01.1/builtins/cd.def
--- org/bash-2.01.1/builtins/cd.def Fri Apr 11 18:55:47 1997
+++ bash-2.01.1/builtins/cd.def Sun Sep 6 00:53:16 1998
@@ -146,11 +146,19 @@
needing a remake. */
if (old_anm == 0 && array_needs_making && exported_p (tvar))
{
- pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */
- strcpy (pwdvar, "PWD=");
- strcpy (pwdvar + 4, dirname);
- add_or_supercede_exported_var (pwdvar, 0);
- array_needs_making = 0;
+ if (dirname!=0)
+ {
+ pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */
+ strcpy (pwdvar, "PWD=");
+ strcpy (pwdvar + 4, dirname);
+ }
+ else
+ {
+ pwdvar=xmalloc (6);
+ strcpy (pwdvar, "PWD=.");
+ }
+ add_or_supercede_exported_var (pwdvar, 0);
+ array_needs_making = 0;
}
FREE (dirname);
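Review bot: In the new else branch, exporting the literal "PWD=." gives child processes a relative PWD, which consumers that expect an absolute path may mishandle; consider leaving PWD unexported or unchanged when dirname is 0 instead of substituting ".". The guard only covers this one use of dirname, so please confirm that the FREE (dirname) in the trailing context, and any other user of dirname in this function, tolerates a null pointer. Style: `dirname!=0` and `pwdvar=xmalloc (6)` drop the spacing around operators used on the surrounding lines (`old_anm == 0`), and the bare 6 deserves the same kind of size comment as the `+ 5` allocation.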