
List:       bugtraq
Subject:    homemade fix for recent bash buf OF
From:       Andrey Alekseyev <fetch () MUFFIN ! ARCADIA ! SPB ! RU>
Date:       1998-10-30 20:10:51

Hello,

Having recently got an extremely high anxiety for buffer overflow
in present bash versions (that case with PS1 and rl_redisplay in
lib/readline/display.c) I developed a small patch for myself (below).
Seems to be functional, although it produces a slightly strange
effect when setting a very long PS1 (no prompt at all :), but no
fault either).
So, the patch itself (bash version is 2.02.1)

--- display.c.orig      Tue Jun 30 20:09:32 1998
+++ display.c   Fri Oct 30 22:56:50 1998
@@ -373,8 +373,11 @@

       if (local_len > 0)
        {
-         strncpy (line + out, local_prompt, local_len);
-         out += local_len;
+         if ((out + local_len) < line_size)
+         {
+              strncpy (line + out, local_prompt, local_len);
+              out += local_len;
+         }
        }
       line[out] = '\0';
       wrap_offset = local_len - visible_length;
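Review bot: when the new guard `(out + local_len) < line_size` fails, the prompt is dropped whole, yet `wrap_offset = local_len - visible_length` just below is still computed from the length that was never copied, so the wrap bookkeeping no longer matches what is in `line`. Either enlarge `line` before the copy, or clamp the length to `line_size - out - 1` and derive `wrap_offset` from the bytes actually copied. The added braces are also indented differently from the surrounding block.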
@@ -399,8 +402,11 @@
        }

       pmtlen = strlen (prompt_this_line);
-      strncpy (line + out,  prompt_this_line, pmtlen);
-      out += pmtlen;
+      if ((out + pmtlen) < line_size)
+      {
+          strncpy (line + out,  prompt_this_line, pmtlen);
+          out += pmtlen;
+      }
       line[out] = '\0';
       wrap_offset = 0;
     }
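Review bot: in the `prompt_this_line` branch the same all-or-nothing guard silently discards the prompt once `out + pmtlen` reaches `line_size`, and nothing tells the caller that it happened. Copying the part that fits (at most `line_size - out - 1` bytes) or enlarging `line` first would keep a visible prompt. The bound check and copy are now duplicated across both hunks, so a small shared helper would keep the two sites consistent, and a short comment that `<` rather than `<=` leaves room for the terminator written by `line[out] = '\0'` would help the next reader.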

--
=fetch
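
An added example, not part of the original post and not bash or readline code: it contrasts the all-or-nothing bound check the patch uses with a clamped append that truncates instead, which is why the patched shell shows no prompt at all for a very long PS1. The function names, the 8-byte buffer and the sample strings are constructed for illustration, and `memcpy` stands in for the patch's `strncpy`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the patch's approach. Copy src only if all of it
   plus the terminator fits; otherwise copy nothing. Caller keeps *out < size. */
size_t all_or_nothing_append(char *buf, size_t size, size_t *out, const char *src)
{
    size_t len = strlen(src), copied = 0;

    if (*out + len < size) {
        memcpy(buf + *out, src, len);
        *out += len;
        copied = len;
    }
    buf[*out] = '\0';
    return copied;
}

/* Hypothetical helper: clamp the copy to the space left, so a long
   string is truncated rather than dropped. Never writes past buf[size-1]. */
size_t bounded_append(char *buf, size_t size, size_t *out, const char *src)
{
    size_t want, room;

    if (size == 0 || *out >= size)      /* no room even for the terminator */
        return 0;
    want = strlen(src);
    room = size - *out - 1;             /* reserve one byte for '\0' */
    if (want > room)
        want = room;
    memcpy(buf + *out, src, want);
    *out += want;
    buf[*out] = '\0';
    return want;
}

int main(void)
{
    char a[8], b[8];
    size_t oa = 0, ob = 0;
    const char *long_prompt = "0123456789";   /* constructed, longer than the buffer */

    all_or_nothing_append(a, sizeof a, &oa, long_prompt);
    bounded_append(b, sizeof b, &ob, long_prompt);
    printf("all-or-nothing: \"%s\"\nclamped:        \"%s\"\n", a, b);
    return 0;
}
```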
