Patch cve-2014-6271

Patch-ID: bash30-017
Under certain circumstances, bash will execute user code while processing the
environment for exported function definitions.

Change-Id: Iccac7b4ae914354978079783a9fe50b3b38ddad5

1 files changed, 11 insertions, 0 deletions

diff --git a/builtins/evalstring.c b/builtins/evalstring.c
index 333a56e..61f57fc 100644
--- a/builtins/evalstring.c
+++ b/builtins/evalstring.c
@@ -261,6 +261,14 @@ parse_and_execute (string, from_file, flags)
 	    {
 	      struct fd_bitmap *bitmap;
 
+	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+		{
+		  internal_warning ("%s: ignoring function definition attempt", from_file);
+		  should_jump_to_top_level = 0;
+		  last_result = last_command_exit_value = EX_BADUSAGE;
+		  break;
+		}
+
 	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
 	      begin_unwind_frame ("pe_dispose");
 	      add_unwind_protect (dispose_fd_bitmap, bitmap);
@@ -321,6 +329,9 @@ parse_and_execute (string, from_file, flags)
 	      dispose_command (command);
 	      dispose_fd_bitmap (bitmap);
 	      discard_unwind_frame ("pe_dispose");
+
+	      if (flags & SEVAL_ONECMD)
+		break;
 	    }
 	}
       else