Re: Does bash treat segment fault causing by scripts as security bugs ?

[kkk K]

ok，one poc I think should like this:

=========================

#!/bin/bash

a="1||"

b=`printf "%.s"$a {1..50000}`"1"

eval $b

=========================

this code will make a segment fault, of cource , eval or printf actually is not necessary,

the problem is about the "1 || 1 || .... 1" _expression_, 

parser in interpreting  OR Expressions did not take recursive stack overflow into condsider,

Will you take this as a security bug ?

Regards

2017-02-15 23:27 GMT+08:00 Chet Ramey <chet.ramey@case.edu>:

On 2/15/17 9:45 AM, Pierre Gaston wrote:
> I'm re-adding the list.
>
> On Wed, Feb 15, 2017 at 4:34 PM, kkk K <3n4t5yu@gmail.com
> <mailto:3n4t5yu@gmail.com>> wrote:
>
>     What If I find a bug bypassing the FUNCNEST limitation ?
>     I mean I found a bug which about some paser logic in bash,
>     finially It will crash bash, And FUNCNEST cannot stop it from crashing
>     bash.
>
>
> I think you should feel free to submit your bug report, since the number of
> reports is low, false reports are not a problem and you may have a genuine bug.

Yes.  If you think you have found a bug, please report it.  If it's not
a bug, we'll tell you; there's no problem.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/