BASH PATCH REPORT ================= Bash-Release: 4.0 Patch-ID: bash40-040 Bug-Reported-by: Tavis Ormandy Bug-Reference-ID: Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 Bug-Description: Under certain circumstances, bash can incorrectly save a lookahead character and return it on a subsequent call, even when reading a new line. Patch (apply with `patch -p0'): *** ../bash-4.0.39/parse.y 2009-06-02 09:08:07.000000000 -0400 --- parse.y 2014-09-25 16:15:47.000000000 -0400 *************** *** 2671,2674 **** --- 2671,2676 ---- word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** ../bash-4.0.39/y.tab.c 2009-01-08 09:30:24.000000000 -0500 --- y.tab.c 2014-09-25 20:27:08.000000000 -0400 *************** *** 4927,4930 **** --- 4927,4932 ---- word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + last_read_token = '\n'; token_to_read = '\n'; *************** *** 7910,7912 **** } #endif /* HANDLE_MULTIBYTE */ - --- 7912,7913 ---- *** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500 --- patchlevel.h 2009-02-22 16:11:31.000000000 -0500 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 39 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 40 #endif /* _PATCHLEVEL_H_ */