app-shells/bash/files/bash-5.1-CVE-2022-3715.patch - third_party/overlays/chromiumos-overlay - Git at Google

 This fixes CVE-2022-3715 and is included in bash 5.2

 See: https://bugs.gentoo.org/889878

 diff --git a/subst.c b/subst.c
 index 2b76256..38ee9ac 100644
 --- a/subst.c
 +++ b/subst.c
 @@ -7962,7 +7962,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl
        return ((char *)NULL);
      }

 -  if (valid_parameter_transform (xform) == 0)
 +  if (xform[0] == 0 || valid_parameter_transform (xform) == 0)
      {
        this_command_name = oname;
  #if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */
	This fixes CVE-2022-3715 and is included in bash 5.2

	See: https://bugs.gentoo.org/889878

	diff --git a/subst.c b/subst.c
	index 2b76256..38ee9ac 100644
	--- a/subst.c
	+++ b/subst.c
	@@ -7962,7 +7962,7 @@ parameter_brace_transform (varname, value, ind, xform, rtype, quoted, pflags, fl
	return ((char *)NULL);
	}

	- if (valid_parameter_transform (xform) == 0)
	+ if (xform[0] == 0 \|\| valid_parameter_transform (xform) == 0)
	{
	this_command_name = oname;
	#if 0 /* TAG: bash-5.2 Martin Schulte <gnu@schrader-schulte.de> 10/2020 */