On Wed, Sep 24, 2014 at 12:08:46PM -0400, Chet Ramey wrote:
> On 9/24/14, 11:16 AM, Solar Designer wrote:
>
>> I see no good workaround.
>
> You're correct; there is not a good workaround. Since there are
> publicly available patches for all bash versions back 15 years or so,
> though, the best path forward is to apply those as quickly as
> possible.
>
> Chet
Hello Chet et al.
While taking a closer look at this issue on Bash 4.2, I noticed a
potential NULL deref. i.e.
$ FOO='() { :;}; blah4242' bash -c "echo bleh"
This occurs in bgp_prune() where, because bgpids.npid=0 and
js_c_childmax=-1, the code in the loop executes but bgpids.list=NULL.
I didn't look closely enough to know if this situation is only reachable
via the recently-fixed vulnerable code-path or not.
βmancha