app-shells/bash: fix CVE-2019-9924.

BUG=b/269241909
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2019-9924.

cos-patch: security-high
Change-Id: I28fb2bf4f1e742ebddac96b828f6038ef0bb3079
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/43890
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Meena Shanmugam <meenashanmugam@google.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/app-shells/bash/bash-4.3_p48-r1.ebuild b/app-shells/bash/bash-4.3_p48-r1.ebuild
index 46b40b0..36ce246 100644
--- a/app-shells/bash/bash-4.3_p48-r1.ebuild
+++ b/app-shells/bash/bash-4.3_p48-r1.ebuild
@@ -55,6 +55,7 @@
 	"${FILESDIR}"/${PN}-4.3-protos.patch
 	"${FILESDIR}"/${PN}-4.4-popd-offset-overflow.patch #600174
 	"${FILESDIR}"/${PN}-4.3-CVE-2019-18276.patch
+	"${FILESDIR}"/${PN}-4.3-CVE-2019-9924.patch
 )
 
 S=${WORKDIR}/${MY_P}
diff --git a/app-shells/bash/bash-4.3_p48-r5.ebuild b/app-shells/bash/bash-4.3_p48-r6.ebuild
similarity index 100%
rename from app-shells/bash/bash-4.3_p48-r5.ebuild
rename to app-shells/bash/bash-4.3_p48-r6.ebuild
diff --git a/app-shells/bash/files/bash-4.3-CVE-2019-9924.patch b/app-shells/bash/files/bash-4.3-CVE-2019-9924.patch
new file mode 100644
index 0000000..438ebbf
--- /dev/null
+++ b/app-shells/bash/files/bash-4.3-CVE-2019-9924.patch
@@ -0,0 +1,24 @@
+Description: if the shell is restricted, reject attempts to add pathnames
+ containing slashes to the hash table
+Origin: backport, http://git.savannah.gnu.org/cgit/bash.git/commit/?h=bash-4.4-testing&id=a4eef1991c25c9d1c55f777952cd522c762c6fc3
+Bug: https://savannah.gnu.org/support/?108969
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
+
+Index: bash-4.3/variables.c
+===================================================================
+--- bash-4.3.orig/variables.c	2019-07-12 14:12:19.000000000 -0400
++++ bash-4.3/variables.c	2019-07-12 14:24:58.364792719 -0400
+@@ -1601,6 +1601,13 @@ assign_hashcmd (self, value, ind, key)
+      arrayind_t ind;
+      char *key;
+ {
++#if defined (RESTRICTED_SHELL)
++  if (restricted && strchr (value, '/'))
++    {
++      sh_restricted (value);
++      return (SHELL_VAR *)NULL;
++    }
++#endif
+   phash_insert (key, value, 0, 0);
+   return (build_hashcmd (self));
+ }
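Review bot: The guard added at the top of assign_hashcmd rejects only values that contain a '/', so in a restricted shell a slash-free value still reaches phash_insert with no check that it resolves through a $PATH search. Later upstream bash appears to tighten this same function further, so compare the backport against current upstream variables.c before treating the restriction as complete. The guard also calls strchr on `value` unconditionally; whether `value` can be NULL here is not visible in the hunk, and if it can, `if (restricted && value && strchr (value, '/'))` would be the safer form. A short comment above the check, such as `/* restricted shells must not get pathnames into the hash table via BASH_CMDS */`, would record why it exists. The function's declaration begins above the hunk, so its remaining parameters and its callers' handling of the NULL return cannot be checked from here.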