[PATCH] check empty callback in mapfile

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] check empty callback in mapfile

From:	isabella parakiss
Subject:	[PATCH] check empty callback in mapfile
Date:	Sun, 10 May 2015 11:57:11 +0200

In builtins/mapfile.def there's this line:
snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);

If the callback is empty, bash runs '<space><number><space><line>'
This smells a lot like code injection.

$ echo 'echo hello from $0' > ~/bin/0
$ chmod +x ~/bin/0
$ cp ~/bin/{0,1}
$ echo -e 'x\ny' | mapfile -c1 -C ''
hello from /home/izabera/0
hello from /home/izabera/1

^^^ That's not at all the result I expected.



This is a simple patch:

 builtins/mapfile.def | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/builtins/mapfile.def b/builtins/mapfile.def
index 03f0b48..f91e432 100644
--- a/builtins/mapfile.def
+++ b/builtins/mapfile.def
@@ -178,6 +178,11 @@ mapfile (fd, line_count_goal, origin, nskip,
callback_quantum, callback, array_n
       builtin_error (_("%s: not an indexed array"), array_name);
       return (EXECUTION_FAILURE);
     }
+  else if (callback && *callback == 0)
+    {
+      builtin_error (_("%s: empty callback"));
+      return (EXECUTION_FAILURE);
+    }
   else if (invisible_p (entry))
     VUNSETATTR (entry, att_invisible); /* no longer invisible */



---
xoxo iza

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] check empty callback in mapfile, isabella parakiss <=
- Re: [PATCH] check empty callback in mapfile, isabella parakiss, 2015/05/10
  - Re: [PATCH] check empty callback in mapfile, Chet Ramey, 2015/05/10
- Re: [PATCH] check empty callback in mapfile, Chet Ramey, 2015/05/10

Prev by Date: wrong backtick escaping on autocomplete
Next by Date: Re: [PATCH] check empty callback in mapfile
Previous by thread: wrong backtick escaping on autocomplete
Next by thread: Re: [PATCH] check empty callback in mapfile
Index(es):
- Date
- Thread