1 files changed, 46 insertions, 0 deletions

diff --git a/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch b/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch
new file mode 100644
index 000000000000..bef960ab980c
--- /dev/null
+++ b/app-shells/bash/files/bash-4.2-dev-fd-buffer-overflow.patch
@@ -0,0 +1,46 @@
+https://bugs.gentoo.org/431850
+
+this is a minor tweak to the upstream patch to also apply to bash 4.1/4.0/3.2
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-033
+
+Bug-Reported-by:	David Leverton <levertond@googlemail.com>
+Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Bash uses a static buffer when expanding the /dev/fd prefix for the test
+and conditional commands, among other uses, when it should use a dynamic
+buffer to avoid buffer overflow.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/eaccess.c	2011-01-08 20:50:10.000000000 -0500
+--- lib/sh/eaccess.c	2012-06-04 21:06:43.000000000 -0400
+***************
+*** 83,86 ****
+--- 83,88 ----
+       struct stat *finfo;
+  {
++   static char *pbuf = 0;
++ 
+    if (*path == '\0')
+      {
+***************
+*** 107,111 ****
+       On most systems, with the notable exception of linux, this is
+       effectively a no-op. */
+!       char pbuf[32];
+        strcpy (pbuf, DEV_FD_PREFIX);
+        strcat (pbuf, path + 8);
+--- 109,113 ----
+       On most systems, with the notable exception of linux, this is
+       effectively a no-op. */
+!       pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+        strcpy (pbuf, DEV_FD_PREFIX);
+        strcat (pbuf, path + 8);