BASH PATCH REPORT ================= Bash-Release: 4.2 Patch-ID: bash42-049 Bug-Reported-by: Tavis Ormandy Bug-Reference-ID: Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 Bug-Description: Under certain circumstances, bash can incorrectly save a lookahead character and return it on a subsequent call, even when reading a new line. Patch (apply with `patch -p0'): *** ../bash-4.2.48/parse.y 2012-12-31 11:52:57.000000000 -0500 --- parse.y 2014-09-25 16:12:19.000000000 -0400 *************** *** 2851,2854 **** --- 2851,2856 ---- word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** ../bash-4.2.48/y.tab.c 2012-12-31 11:53:10.000000000 -0500 --- y.tab.c 2014-09-25 20:23:25.000000000 -0400 *************** *** 5163,5166 **** --- 5163,5168 ---- word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *************** *** 8377,8379 **** } #endif /* HANDLE_MULTIBYTE */ - --- 8379,8380 ---- *** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 --- patchlevel.h Thu Feb 24 21:41:34 2011 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 48 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 49 #endif /* _PATCHLEVEL_H_ */