rpms/bash
6
0
Fork 0
Code Issues Pull Requests Releases Activity
3b09d0d67f
bash/bash43-030
Ondrej Oprala f96c394fe3 Patchlevel 30
2014-10-06 07:41:10 +02:00

133 lines
3.8 KiB
Plaintext
Raw Blame History

BASH PATCH REPORT
=================
Bash-Release: 4.3
Patch-ID: bash43-030
Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
Bug-Reference-ID:
Bug-Reference-URL:
Bug-Description:
A combination of nested command substitutions and function importing from
the environment can cause bash to execute code appearing in the environment
variable value following the function definition.
Patch (apply with `patch -p0'):
*** ../bash-4.3.29/builtins/evalstring.c 2014-10-01 12:57:47.000000000 -0400
--- builtins/evalstring.c 2014-10-03 11:57:04.000000000 -0400
***************
*** 309,318 ****
struct fd_bitmap *bitmap;
! if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
{
! internal_warning ("%s: ignoring function definition attempt", from_file);
! should_jump_to_top_level = 0;
! last_result = last_command_exit_value = EX_BADUSAGE;
! break;
}
--- 313,335 ----
struct fd_bitmap *bitmap;
! if (flags & SEVAL_FUNCDEF)
{
! char *x;
!
! /* If the command parses to something other than a straight
! function definition, or if we have not consumed the entire
! string, or if the parser has transformed the function
! name (as parsing will if it begins or ends with shell
! whitespace, for example), reject the attempt */
! if (command->type != cm_function_def ||
! ((x = parser_remaining_input ()) && *x) ||
! (STREQ (from_file, command->value.Function_def->name->word) == 0))
! {
! internal_warning (_("%s: ignoring function definition attempt"), from_file);
! should_jump_to_top_level = 0;
! last_result = last_command_exit_value = EX_BADUSAGE;
! reset_parser ();
! break;
! }
}
***************
*** 379,383 ****
if (flags & SEVAL_ONECMD)
! break;
}
}
--- 396,403 ----
if (flags & SEVAL_ONECMD)
! {
! reset_parser ();
! break;
! }
}
}
*** ../bash-4.3.29/parse.y 2014-10-01 12:58:43.000000000 -0400
--- parse.y 2014-10-03 14:48:59.000000000 -0400
***************
*** 2539,2542 ****
--- 2539,2552 ----
}
+ char *
+ parser_remaining_input ()
+ {
+ if (shell_input_line == 0)
+ return 0;
+ if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
+ return '\0'; /* XXX */
+ return (shell_input_line + shell_input_line_index);
+ }
+
#ifdef INCLUDE_UNUSED
/* Back the input pointer up by one, effectively `ungetting' a character. */
***************
*** 4028,4033 ****
/* reset_parser clears shell_input_line and associated variables */
restore_input_line_state (&ls);
! if (interactive)
! token_to_read = 0;
/* Need to find how many characters parse_and_execute consumed, update
--- 4053,4058 ----
/* reset_parser clears shell_input_line and associated variables */
restore_input_line_state (&ls);
!
! token_to_read = 0;
/* Need to find how many characters parse_and_execute consumed, update
*** ../bash-4.3.29/shell.h 2014-10-01 12:57:39.000000000 -0400
--- shell.h 2014-10-03 14:49:12.000000000 -0400
***************
*** 181,184 ****
--- 181,186 ----
/* Let's try declaring these here. */
+ extern char *parser_remaining_input __P((void));
+
extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
extern void restore_parser_state __P((sh_parser_state_t *));
*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 29
#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 30
#endif /* _PATCHLEVEL_H_ */
Reference in New Issue View Git Blame Copy Permalink