Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Sep 2014 17:26:42 -0500
From: Mark Hatle <mark.hatle@...driver.com>
To: <oss-security@...ts.openwall.com>
Subject: Re: [security-vendor] Re: Fwd: Non-upstream patches
 for bash

On 9/25/14, 5:13 PM, Marc Deslauriers wrote:
> On 14-09-25 01:49 PM, Huzaifa Sidhpurwala wrote:
>> Hi All,
>>
>> Based on the current situation and the fact that there is confusion about what
>> patch to use for the bash issue. I wanted to post this here.
>>
>> We have found a few more issues (OOB memory access). Also I am posting Florain's
>> patch here which should fix the issue in a more deeper way rather than just
>> apply duct-tape.
>>
>
> Could we please get two CVE numbers assigned for the two OOB memory issues?

Using the two patches, CVE-2014-6271 and the one line eol-pushback.patch, I am 
not able to reproduce what I expect should be happing with bash 4.2.

Should I be seeing a problem with the reproducers that were mentioned in an 
earlier piece of this thread, either:

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
<<EOF <<EOF <<EOF <<EOF <<EOF'

or

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do 
echo done ; done) > test-script.sh $ bash test-script.sh


The first one gives me a series of:

bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted 
`EO')

But does not result in a segfault.. (perhaps my memory layout/allocations just 
happen to be avoiding that)

And the test-script.sh runs w/o segfault or other error being present.. again 
maybe I'm lucky?


(Or am I simply missing something in the reproducer steps?)

Mark Hatle
Wind River Systems

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ