DisplayGfA001-legal-info/sources/bash-4.3.30/0035-patchlevel-35.patch

From http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-035

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

			     BASH PATCH REPORT
			     =================

Bash-Release:	4.3
Patch-ID:	bash43-035

Bug-Reported-by:	<romerox.adrian@gmail.com>
Bug-Reference-ID:	<CABV5r3zhPXmSKUe9uedeGc5YFBM2njJ1iVmY2h5neWdQpDBQug@mail.gmail.com>
Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-08/msg00045.html

Bug-Description:

A locale with a long name can trigger a buffer overflow and core dump.  This
applies on systems that do not have locale_charset in libc, are not using
GNU libiconv, and are not using the libintl that ships with bash in lib/intl.

Patch (apply with `patch -p0'):

*** a/bash-4.3-patched/lib/sh/unicode.c	2014-01-30 16:47:19.000000000 -0500
--- b/lib/sh/unicode.c	2015-05-01 08:58:30.000000000 -0400
***************
*** 79,83 ****
    if (s)
      {
!       strcpy (charsetbuf, s+1);
        t = strchr (charsetbuf, '@');
        if (t)
--- 79,84 ----
    if (s)
      {
!       strncpy (charsetbuf, s+1, sizeof (charsetbuf) - 1);
!       charsetbuf[sizeof (charsetbuf) - 1] = '\0';
        t = strchr (charsetbuf, '@');
        if (t)
***************
*** 85,89 ****
        return charsetbuf;
      }
!   strcpy (charsetbuf, locale);
    return charsetbuf;
  }
--- 86,91 ----
        return charsetbuf;
      }
!   strncpy (charsetbuf, locale, sizeof (charsetbuf) - 1);
!   charsetbuf[sizeof (charsetbuf) - 1] = '\0';
    return charsetbuf;
  }
*** a/bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
--- b/patchlevel.h	2014-03-20 20:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 34
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 35
  
  #endif /* _PATCHLEVEL_H_ */