add CVE-2014-6278
authorHanno <hanno@gentoo.org>
Wed, 1 Oct 2014 18:58:15 +0000 (20:58 +0200)
committerHanno <hanno@gentoo.org>
Wed, 1 Oct 2014 18:58:15 +0000 (20:58 +0200)
bashcheck

index cc53946..b372664 100755 (executable)
--- a/bashcheck
+++ b/bashcheck
@@ -39,13 +39,23 @@ else
        echo -e "\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\033[39m"
 fi
 
-$bash -c "f(){ x(){ _;};x(){ _;}<<a;}"
+$($bash -c "f(){ x(){ _;};x(){ _;}<<a;}")
 if [ $? != 0 ]; then
        echo -e "\033[91mVulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]\033[39m"
 else
        echo -e "\033[96mNot vulnerable to CVE-2014-6277 (lcamtuf bug #1)\033[39m"
 fi
 
+if [ -n "$(env x='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then
+       echo -e "\033[91mVulnerable to CVE-2014-6278 (lcamtuf bug #2) [no prefix/suffix]\033[39m"
+elif [ -n "$(env BASH_FUNC_x%%='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then
+       echo -e "\033[91mVulnerable to CVE-2014-6278 (lcamtuf bug #2) [prefix/%%-suffix]\033[39m"
+elif [ -n "$(env 'BASH_FUNC_x()'='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then
+       echo -e "\033[91mVulnerable to CVE-2014-6278 (lcamtuf bug #2) [prefix/()-suffix]\033[39m"
+else
+       echo -e "\033[96mNot vulnerable to CVE-2014-6278 (lcamtuf bug #2)\033[39m"
+fi
+
 
 r=`a="() { echo x;}" $bash -c a 2>/dev/null`
 if [ -n "$r" ]; then