BASH PATCH REPORT ================= Bash-Release: 4.2 Patch-ID: bash42-052 Bug-Reported-by: Michal Zalewski Bug-Reference-ID: Bug-Reference-URL: Bug-Description: When bash is parsing a function definition that contains a here-document delimited by end-of-file (or end-of-string), it leaves the closing delimiter uninitialized. This can result in an invalid memory access when the parsed function is later copied. Patch (apply with `patch -p0'): *** ../bash-4.2.51/make_cmd.c 2009-09-11 17:26:12.000000000 -0400 --- make_cmd.c 2014-10-02 11:26:58.000000000 -0400 *************** *** 690,693 **** --- 690,694 ---- temp->redirector = source; temp->redirectee = dest_and_filename; + temp->here_doc_eof = 0; temp->instruction = instruction; temp->flags = 0; *** ../bash-4.2.51/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400 --- copy_cmd.c 2014-10-02 11:26:58.000000000 -0400 *************** *** 127,131 **** case r_reading_until: case r_deblank_reading_until: ! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof); /*FALLTHROUGH*/ case r_reading_string: --- 127,131 ---- case r_reading_until: case r_deblank_reading_until: ! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0; /*FALLTHROUGH*/ case r_reading_string: *** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 --- patchlevel.h Thu Feb 24 21:41:34 2011 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 51 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 52 #endif /* _PATCHLEVEL_H_ */
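Review bot: in the make_cmd.c hunk (690-694), `temp->here_doc_eof = 0;` repairs this one member, but the surrounding context shows the redirect being filled in member by member, so any member added later without its own assignment here would reintroduce the same uninitialized read. Consider zeroing the whole structure immediately after it is allocated (the allocation is outside the visible context) and keeping explicit assignments only for non-zero values. Since the member is a string pointer (copy_cmd.c passes it to `savestring`), a null-pointer constant would also read more clearly than a bare `0`.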
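Review bot: in the copy_cmd.c hunk (127-131), the null check protects only the copy path for `r_reading_until` and `r_deblank_reading_until`, while the make_cmd.c change makes a null `here_doc_eof` a normal state for a here-document ended by end-of-file. Any other code that reads `here_doc_eof` for these redirect types (none is visible in this patch) needs the same tolerance for null, and a one-line comment at this assignment stating when the delimiter can be null would keep the guard from being simplified away later. The patch touches only make_cmd.c, copy_cmd.c and patchlevel.h, so a regression test covering a function definition that contains an end-of-file-terminated here-document is worth adding alongside it.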