Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!usenet.ins.cwru.edu!odin!chet
From: chet@odin.INS.CWRU.Edu (Chet Ramey)
Newsgroups: comp.os.linux.misc,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc
Subject: Patch for security problem with bash-1.14.6
Date: 23 Aug 1996 01:34:21 GMT
Organization: Case Western Reserve University
Lines: 31
Distribution: world
Message-ID: <4vj1qt$ngt@madeline.INS.CWRU.Edu>
NNTP-Posting-Host: odin.ins.cwru.edu
Summary: moderate-to-serious security ramifications
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:124457 comp.unix.bsd.freebsd.misc:25946 comp.unix.bsd.netbsd.misc:4460
The following patch to bash-1.14.6 will fix a recently-discovered
security problem. A more complete explanation will be posted early
next week, once this has had a chance to circulate.
---------------------------------- cut here ----------------------------------
*** parse.y.old Thu Nov 2 15:00:51 1995
--- parse.y Tue Aug 20 09:16:48 1996
***************
*** 904,910 ****
static int
yy_string_get ()
{
! register char *string;
register int c;
string = bash_input.location.string;
--- 904,910 ----
static int
yy_string_get ()
{
! register unsigned char *string;
register int c;
string = bash_input.location.string;
---------------------------------- cut here ----------------------------------
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
Chet Ramey, Case Western Reserve University Internet: chet@po.CWRU.Edu