On 24.09.2014 at 23:29, Yann Ylavic wrote:
On Wed, Sep 24, 2014 at 11:15 PM, Rainer Jung wrote:
A workaround like
--- server/util_script.c.orig 2013-09-14 14:12:54.000000000 +0000
+++ server/util_script.c 2014-09-24 20:35:54.952054361 +0000
@@ -128,6 +128,12 @@
}
++whack;
}
+ /* Sanitize leading "()" because of CVE-2014-6271 bash exploit */
+ whack++;
+ if (*whack++ == '(' && *whack == ')') {
Don't you mean if (*++whack == '(' && *++whack == ')') instead of the
2 lines above?
The original code works (tested with a CGI that prints env vars and
setting a custom header starting with "()").
The first ++ prefix is not needed because I have a whack++ in the line
before.
Otherwise the post incrementation won't be done before the second
condition, and the test will always be false.
+ *whack-- = '_';
+ *whack = '_';
+ }
++j;
}
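Review bot: the test `if (*whack++ == '(' && *whack == ')')` moves whack as a side effect of the comparison, which is hard to read and leaves the pointer in two different places after the block: back on the first character when both match (the body steps it back with `*whack-- = '_'`), but one character further on when the test fails. The behaviour is correct because `&&` sequences the post-increment before the right-hand operand is evaluated, yet an indexed form says the same thing without moving the pointer: `if (whack[0] == '(' && whack[1] == ')') { whack[0] = whack[1] = '_'; }`. A short comment on what the standalone `whack++;` before the test steps over would also help, since the hunk does not show it.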
Thanks for double checking.
Regards,
Rainer