From 80df778bb8f868423dfe5fc9847238eee8d0a764 Mon Sep 17 00:00:00 2001
From: Michal Zalewski
Date: Fri, 10 Oct 2014 11:16:06 +0100
Subject: bugfix: bash executing code following func def
This is an upstream bugfix (with slight alterations):
Patch-ID: bash42-053
A combination of nested command substitutions and function importing from the environment can cause bash to execute code appearing in the environment variable value following the function definition.
Change-Id: I660e59c76d0d50de52d48a0d399fe1dfef3bded8
---
 builtins/evalstring.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
(limited to 'builtins/evalstring.c')
diff --git a/builtins/evalstring.c b/builtins/evalstring.c
index 61f57fc..c2bce74 100644
--- a/builtins/evalstring.c
+++ b/builtins/evalstring.c
@@ -261,12 +261,25 @@ parse_and_execute (string, from_file, flags)
  {
  struct fd_bitmap *bitmap;
 
- if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+ if (flags & SEVAL_FUNCDEF)
  {
- internal_warning ("%s: ignoring function definition attempt", from_file);
- should_jump_to_top_level = 0;
- last_result = last_command_exit_value = EX_BADUSAGE;
- break;
+ char *x;
+
+ /* If the command parses to something other than a straight
+ function definition, or if we have not consumed the entire
+ string, or if the parser has transformed the function
+ name (as parsing will if it begins or ends with shell
+ whitespace, for example), reject the attempt */
+ if (command->type != cm_function_def ||
+ ((x = parser_remaining_input ()) && *x) ||
+ (STREQ (from_file, command->value.Function_def->name->word) == 0))
+ {
+ internal_warning (_("%s: ignoring function definition attempt"), from_file);
+ should_jump_to_top_level = 0;
+ last_result = last_command_exit_value = EX_BADUSAGE;
+ reset_parser ();
+ break;
+ }
  }
 
  bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
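Review bot: The trailing-input test `((x = parser_remaining_input ()) && *x)` in the new rejection condition treats a NULL return as "nothing left", so the check fails open if that helper can return NULL while unparsed text remains; its definition is not in this hunk, so that contract should be confirmed and stated in the comment above the condition. Hoisting the assignment out of the condition would make the three rejection reasons easier to audit: `x = parser_remaining_input ();` before the `if`, then `(x && *x) ||` inside it. The name comparison also reuses `from_file` as the expected function name whenever SEVAL_FUNCDEF is set, and STREQ presumably dereferences it, so a one-line comment recording that callers must pass the variable name (never NULL) in this mode would help. The body of parse_and_execute starts and ends outside the hunk.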
@@ -331,7 +344,10 @@ parse_and_execute (string, from_file, flags)
  discard_unwind_frame ("pe_dispose");
 
  if (flags & SEVAL_ONECMD)
- break;
+ {
+ reset_parser ();
+ break;
+ }
  }
  }
  else
-- 
cgit v1.1
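Review bot: The added `reset_parser ();` before the SEVAL_ONECMD `break` carries no comment, and its purpose is not evident from this hunk alone. Judging from the commit message, it appears to discard whatever input follows the single command so that it cannot be picked up by a later parse; a comment such as `/* drop any input left after the one command so it is never parsed later */` would record that. The other exits from this loop are outside the hunk, so it is worth confirming that none of them returns in SEVAL_ONECMD mode without the same reset.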