author | Michal Zalewski <lcamtuf@coredump.cx> | 2014-10-10 11:16:06 +0100 |
---|---|---|
committer | Paul Kocialkowski <contact@paulk.fr> | 2014-11-16 11:43:09 +0100 |
commit | 80df778bb8f868423dfe5fc9847238eee8d0a764 (patch) | |
tree | 59d45ed476618e369899aaf1252f5ffcbb4df87e /builtins | |
parent | 2190a70e6324494accf7747d2aa9f5e8702d875c (diff) | |
bugfix: bash executing code following func def [HEAD] [replicant-4.2-0004] [replicant-4.2-0003] [replicant-4.2]
This is an upstream bugfix (with slight alterations):
Patch-ID: bash42-053
A combination of nested command substitutions and function importing from
the environment can cause bash to execute code appearing in the environment
variable value following the function definition.
Change-Id: I660e59c76d0d50de52d48a0d399fe1dfef3bded8
Diffstat (limited to 'builtins')
-rw-r--r-- | builtins/evalstring.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/builtins/evalstring.c b/builtins/evalstring.c
index 61f57fc..c2bce74 100644
--- a/builtins/evalstring.c
+++ b/builtins/evalstring.c
@@ -261,12 +261,25 @@ parse_and_execute (string, from_file, flags)
 {
 struct fd_bitmap *bitmap;
- if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+ if (flags & SEVAL_FUNCDEF)
 {
- internal_warning ("%s: ignoring function definition attempt", from_file);
- should_jump_to_top_level = 0;
- last_result = last_command_exit_value = EX_BADUSAGE;
- break;
+ char *x;
+
+ /* If the command parses to something other than a straight
+ function definition, or if we have not consumed the entire
+ string, or if the parser has transformed the function
+ name (as parsing will if it begins or ends with shell
+ whitespace, for example), reject the attempt */
+ if (command->type != cm_function_def ||
+ ((x = parser_remaining_input ()) && *x) ||
+ (STREQ (from_file, command->value.Function_def->name->word) == 0))
+ {
+ internal_warning (_("%s: ignoring function definition attempt"), from_file);
+ should_jump_to_top_level = 0;
+ last_result = last_command_exit_value = EX_BADUSAGE;
+ reset_parser ();
+ break;
+ }
 }
 bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
@@ -331,7 +344,10 @@ parse_and_execute (string, from_file, flags)
 discard_unwind_frame ("pe_dispose");
 if (flags & SEVAL_ONECMD)
- break;
+ {
+ reset_parser ();
+ break;
+ }
 }
 }
 else
|
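Review bot: The name check `STREQ (from_file, command->value.Function_def->name->word)` in the first hunk relies on `from_file` holding the name the definition was imported under, a contract that nothing in the hunk states or enforces. If any caller sets SEVAL_FUNCDEF with a null `from_file`, the comparison would likely dereference it, so putting `from_file == 0 ||` ahead of the STREQ term would make the rejection fail closed; a comment such as `/* with SEVAL_FUNCDEF, from_file is the function name taken from the environment */` would record the assumption. Relatedly, `((x = parser_remaining_input ()) && *x)` treats a null return as "fully consumed"; that helper is defined outside this hunk, so it is worth confirming that null never means "unknown", otherwise the trailing-input check fails open. The body of parse_and_execute starts and ends outside the hunk.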
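Review bot: The `reset_parser ();` added before the SEVAL_ONECMD `break` in the second hunk carries no comment saying why parser state must be discarded at this point, and the same call in the rejection branch of the first hunk is equally unexplained. Presumably it drops whatever remains of the string after the first command so that a later parse cannot pick it up; a comment such as `/* throw away any unconsumed input so it is never parsed after we stop */` would record that intent for the next maintainer. The other exits from this loop lie outside the hunk, so it is worth checking that they leave the parser in the same clean state.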