[8372] in bugtraq
homemade fix for recent bash buf OF
daemon@ATHENA.MIT.EDU (Andrey Alekseyev)
Tue Nov 3 16:24:10 1998
Date: Fri, 30 Oct 1998 23:10:51 +0300
Reply-To: Andrey Alekseyev <fetch@MUFFIN.ARCADIA.SPB.RU>
From: Andrey Alekseyev <fetch@MUFFIN.ARCADIA.SPB.RU>
To: BUGTRAQ@NETSPACE.ORG
Hello,
Having recently got extremely high anxiety about the buffer overflow
in present bash versions (that case with PS1 and rl_redisplay in
lib/readline/display.c), I developed a small patch for myself (below).
It seems to be functional, although it produces a slightly strange
effect when setting a very long PS1 (no prompt at all :), but no
fault either).
So, the patch itself (bash version is 2.02.1):
--- display.c.orig Tue Jun 30 20:09:32 1998
+++ display.c Fri Oct 30 22:56:50 1998
@@ -373,8 +373,11 @@
if (local_len > 0)
{
- strncpy (line + out, local_prompt, local_len);
- out += local_len;
+ if ((out + local_len) < line_size)
+ {
+ strncpy (line + out, local_prompt, local_len);
+ out += local_len;
+ }
}
line[out] = '\0';
wrap_offset = local_len - visible_length;
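Review bot: when the new (out + local_len) < line_size test fails, the copy is skipped, but the unchanged line after the block, wrap_offset = local_len - visible_length;, is still computed from the full prompt length, so the wrap bookkeeping no longer matches what was actually written to line. Either enlarge line and update line_size before the strncpy so the prompt always fits, or set wrap_offset to 0 on the path where the prompt was not copied.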
@@ -399,8 +402,11 @@
}
pmtlen = strlen (prompt_this_line);
- strncpy (line + out, prompt_this_line, pmtlen);
- out += pmtlen;
+ if ((out + pmtlen) < line_size)
+ {
+ strncpy (line + out, prompt_this_line, pmtlen);
+ out += pmtlen;
+ }
line[out] = '\0';
wrap_offset = 0;
}
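Review bot: the guard around the prompt_this_line copy drops the whole prompt once out + pmtlen reaches line_size, which silently hides a long PS1 instead of handling it. Copying at most line_size - out - 1 bytes, or enlarging line before the copy, would keep the bounds check without losing the prompt. The same test is now written out twice in this function, so a small helper shared by both copies would keep the two sites from drifting apart.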
--
=fetch