...
This noncompliant code example is taken from a vulnerability in bash versions 1.14.6 and earlier that led to the release of CERT Advisory CA-1996-22. This vulnerability resulted from the sign extension of character data referenced by the c_str pointer in the yy_string_get() function in the parse.y module of the bash source code,:
| Code Block | ||||
|---|---|---|---|---|
| ||||
static int yy_string_get(void) {
register char *c_str;
register int c;
c_str = bash_input.location.string;
c = EOF;
/* If the string doesn't exist or is empty, EOF found */
if (c_str && *c_str) {
c = *c_str++;
bash_input.location.string = c_str;
}
return (c);
}
|
...