Re: [security-vendor] Re: [oss-security] Fwd: Non-upstream patches for bash

[Mark Hatle <mark.hatle () windriver com>]

On 9/25/14, 5:13 PM, Marc Deslauriers wrote:
> On 14-09-25 01:49 PM, Huzaifa Sidhpurwala wrote:
> > Hi All,
> >
> > Based on the current situation and the fact that there is confusion about what
> > patch to use for the bash issue. I wanted to post this here.
> >
> > We have found a few more issues (OOB memory access). Also I am posting Florain's
> > patch here which should fix the issue in a more deeper way rather than just
> > apply duct-tape.
>
> Could we please get two CVE numbers assigned for the two OOB memory issues?

Using the two patches, CVE-2014-6271 and the one line eol-pushback.patch, I am 
not able to reproduce what I expect should be happing with bash 4.2.

Should I be seeing a problem with the reproducers that were mentioned in an 
earlier piece of this thread, either:

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
<<EOF <<EOF <<EOF <<EOF <<EOF'

or

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do 
echo done ; done) > test-script.sh $ bash test-script.sh


The first one gives me a series of:

bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted 
`EO')

But does not result in a segfault.. (perhaps my memory layout/allocations just 
happen to be avoiding that)

And the test-script.sh runs w/o segfault or other error being present.. again 
maybe I'm lucky?


(Or am I simply missing something in the reproducer steps?)

Mark Hatle
Wind River Systems