Bugtraq mailing list archives
Re: Buffer overflow in bash 1.14.7(1)
From: wichert () WIGGY ML ORG (Wichert Akkerman)
Date: Sun, 6 Sep 1998 00:59:05 +0200
Some further looking revealed bash segfaulted on doing a strlen on the length of the cwd, after getcwd() returned NULL since the cwd was too long. This patch fixes that by setting PWD to "." if the cwd is too long.

Wichert.

diff -ru org/bash-2.01.1/builtins/cd.def bash-2.01.1/builtins/cd.def --- org/bash-2.01.1/builtins/cd.def Fri Apr 11 18:55:47 1997 +++ bash-2.01.1/builtins/cd.def Sun Sep 6 00:53:16 1998 @@ -146,11 +146,19 @@ needing a remake. */ if (old_anm == 0 && array_needs_making && exported_p (tvar)) { - pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */ - strcpy (pwdvar, "PWD="); - strcpy (pwdvar + 4, dirname); - add_or_supercede_exported_var (pwdvar, 0); - array_needs_making = 0; + if (dirname!=0) + { + pwdvar = xmalloc (strlen (dirname) + 5); /* 5 = "PWD" + '=' + '\0' */ + strcpy (pwdvar, "PWD="); + strcpy (pwdvar + 4, dirname); + } + else + { + pwdvar=xmalloc (6); + strcpy (pwdvar, "PWD=."); + } + add_or_supercede_exported_var (pwdvar, 0); + array_needs_making = 0; } FREE (dirname);
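
Review bot: the `if (dirname!=0)` test sits inside the `exported_p (tvar)` branch, so a NULL `dirname` from the failed getcwd() is only handled on this one path; checking for NULL once, where `dirname` is assigned, and substituting the fallback there would cover any other use in the function and let this block keep its original single `xmalloc`/`strcpy` sequence. The fallback itself, `strcpy (pwdvar, "PWD=.");`, exports a relative value, while programs reading PWD from the environment generally expect an absolute pathname, so a comment should say why "." is acceptable here, or PWD could be left unexported when the directory cannot be determined. Minor: `pwdvar=xmalloc (6);` uses a bare 6 with no comment like the `/* 5 = ... */` one in the other branch, and both new lines drop the spaces around `!=` and `=` that the surrounding code uses.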