Patch CVE-2014-7169

Patch-ID: bash41-013 Under certain circumstances, bash can incorrectly save a lookahead character and return it on a subsequent call, even when reading a new line. Change-Id: I29dcf444011f77e104b6a82e8cada731e3917646 ref: http://seclists.org/oss-sec/2014/q3/734 ref: http://seclists.org/oss-sec/2014/q3/685
author: Chet Ramey <chet.ramey@case.edu> 2014-09-25 23:31:51 -0600
committer: Paul Kocialkowski <contact@paulk.fr> 2014-10-05 10:53:52 +0200
commit: 64368c6fd95e4f749e6133398ad4d5fce3c9b940 (patch)
tree: 9eb09f03935b802996f16424a11736f45fca73ce
parent: 56e12157d93d9ccb4e1491443f10eb5f66c6471e (diff)
download: external_bash-64368c6fd95e4f749e6133398ad4d5fce3c9b940.zip
external_bash-64368c6fd95e4f749e6133398ad4d5fce3c9b940.tar.gz
external_bash-64368c6fd95e4f749e6133398ad4d5fce3c9b940.tar.bz2
2 files changed, 4 insertions, 0 deletions
diff --git a/parse.y b/parse.y
index b5c94e7..6f964ef 100644
--- a/parse.y
+++ b/parse.y
@@ -2848,6 +2848,8 @@ reset_parser ()
   FREE (word_desc_to_read);
   word_desc_to_read = (WORD_DESC *)NULL;
 
+  eol_ungetc_lookahead = 0;
+
   current_token = '\n';		/* XXX */
   last_read_token = '\n';
   token_to_read = '\n';
diff --git a/y.tab.c b/y.tab.c
index d8280fc..125d1a7 100644
--- a/y.tab.c
+++ b/y.tab.c
@@ -5160,6 +5160,8 @@ reset_parser ()
   FREE (word_desc_to_read);
   word_desc_to_read = (WORD_DESC *)NULL;
 
+  eol_ungetc_lookahead = 0;
+
   current_token = '\n';		/* XXX */
   last_read_token = '\n';
   token_to_read = '\n';
author	Chet Ramey <chet.ramey@case.edu>	2014-09-25 23:31:51 -0600
committer	Paul Kocialkowski <contact@paulk.fr>	2014-10-05 10:53:52 +0200
commit	64368c6fd95e4f749e6133398ad4d5fce3c9b940 (patch)
tree	9eb09f03935b802996f16424a11736f45fca73ce
parent	56e12157d93d9ccb4e1491443f10eb5f66c6471e (diff)
download	external_bash-64368c6fd95e4f749e6133398ad4d5fce3c9b940.zip external_bash-64368c6fd95e4f749e6133398ad4d5fce3c9b940.tar.gz external_bash-64368c6fd95e4f749e6133398ad4d5fce3c9b940.tar.bz2