Bugs item #311614, was changed at 2009-04-22 15:00 by Freddy Vulto
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311614&group_id=100114
Status: Open
Priority: 3
Submitted By: Eric Blake (eblake-guest)
>Assigned to: Freddy Vulto (fvu-guest)
Summary: quoting bug in _known_hosts
Distribution: --Distribution-Agnostic--
Originally reported in: None
Milestone: 1.0
Status: None
Original bug number:
Initial Comment:
There is a quoting bug in _known_hosts, which causes the shell to attempt glob
expansion. Although unlikely, a user can name a file to include shell
metacharacters so that the glob performs arbitrary actions.
This portion of _known_hosts:
COMPREPLY=($( awk 'BEGIN {FS=","}
/^\s*[^|\#]/ {for (i=1; i<=2; ++i) { \
gsub(" .*$", "", $i); \
if ($i ~ /'$cur'/) {print $i} \
}}' "${...@]}" 2>/dev/null ));
Needs "" around $cur. Otherwise, something like 'ssh <tab>' causes cur to be
defined as [a-z.], and since $cur does not occur in "", the shell treats it as
a glob.
----------------------------------------------------------------------
Comment By: Eric Blake (eblake-guest)
Date: 2009-05-18 17:52
Message:
I regenerated the patch against the latest git master; with many more instances
of underquoted $cur fixed in bash_completion proper. However, I suspect that a
full audit of the contrib files will find yet more underquoted instances.
----------------------------------------------------------------------
Comment By: Eric Blake (eblake-guest)
Date: 2009-04-23 00:08
Message:
attaching a patch for all instances of underquoted $cur that I could find
----------------------------------------------------------------------
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311614&group_id=100114
_______________________________________________
Bash-completion-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/bash-completion-devel
