|
|
|
|
|
|
by jballanc
4284 days ago
|
|
|
If you're following the instructions here: http://apple.stackexchange.com/questions/146849/how-do-i-rec... ...then this patch needs to be modified (different line numbers) before it can be applied to the Apple version of bash: --- parse.y.old 2014-09-25 13:42:17.000000000 +0300
+++ parse.y 2014-09-25 13:41:39.000000000 +0300
@@ -2503,6 +2503,8 @@
FREE (word_desc_to_read);
word_desc_to_read = (WORD_DESC *)NULL;
+ eol_ungetc_lookahead = 0;
+
last_read_token = '\n';
token_to_read = '\n';
}
Testing locally, this appears to mitigate both known (so far) vulnerabilities. |
|
|