From: Harald Hoyer <[email protected]>
"export -p" prints all environment variables without checking whether the
environment variable name is a valid dash variable name.
IMHO, the only valid use case for "export -p" is to eval the output.
$ eval $(export -p); echo OK
OK
Without this patch, the following test errors out with:
test.py:
import os
os.environ["test-test"] = "test"   # not a valid shell name: '-' is not a name character
os.environ["test_test"] = "test"   # valid shell name
os.execv("./dash", ['./dash', '-c', 'eval $(export -p); echo OK'])
$ python test.py
./dash: 1: export: test-test: bad variable name
Of course, the results can be more evil if the environment variable
name is crafted so that it injects valid shell code.
---
src/var.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/var.c b/src/var.c
index 027beff..06771d3 100644
--- a/src/var.c
+++ b/src/var.c
@@ -409,12 +409,15 @@ showvars(const char *prefix, int on, int off)
for (; ep < epend; ep++) {
const char *p;
const char *q;
-
+ const char *r;
+ r = endofname(*ep);
p = strchrnul(*ep, '=');
q = nullstr;
- if (*p)
+ if (*p) {
+ if (p != r)
+ continue;
q = single_quote(++p);
-
+ }
out1fmt("%s%s%.*s%s\n", prefix, sep, (int)(p - *ep), *ep, q);
}
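Review bot: the `p != r` test does not reject an entry whose name is empty, such as `=value`: if endofname() returns its argument when the first character is not a valid name start (as dash's helper does), then r == *ep and p == *ep, so p == r and the entry is printed as `export ='value'`, which eval rejects just like the `test-test` case. Consider `if (p != r || r == *ep) continue;`. The check is also only applied under `if (*p)`, so entries without '=' (exported but unset names) are printed unchecked; that is fine only if every such entry was validated when the shell created it, and a one-line comment stating that would help the next reader. Minor: `r` can be declared and initialised together, `const char *r = endofname(*ep);`.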
--
1.7.9
--
To unsubscribe from this list: send the line "unsubscribe dash" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
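As an added example, not part of this patch or of dash's own sources: a self-contained C model of the name validation that `export -p` needs before it prints `export NAME='value'` lines meant for eval. The helpers is_name, is_in_name, endofname and shell_quote are assumptions written here to mimic the semantics of the dash helpers that serve the same purpose; export_entry_is_safe and format_export_line are hypothetical names. The environment it walks is constructed and includes the hostile names from the message above, plus the empty-name case `=value`, which the example rejects explicitly.

```c
/* Added example (not dash's var.c): model of the name check that must
 * run before an `export -p` line is emitted for later eval. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* First character of a shell variable name: letter or underscore.
 * Assumption: mirrors dash's is_name(). */
static int is_name(char c) { return c == '_' || isalpha((unsigned char)c); }
/* Later characters: letter, digit or underscore. Mirrors is_in_name(). */
static int is_in_name(char c) { return c == '_' || isalnum((unsigned char)c); }

/* Return a pointer to the first character that cannot belong to the name.
 * If the first character is not a valid name start, return the argument
 * itself (assumed to match dash's endofname()). */
static const char *endofname(const char *name) {
    const char *p = name;
    if (!is_name(*p)) return p;
    while (*++p) if (!is_in_name(*p)) break;
    return p;
}

/* Single-quote s for the shell: wrap in '...' and write each embedded
 * ' as '\''. Caller frees. Models the role of dash's single_quote(). */
static char *shell_quote(const char *s) {
    size_t n = strlen(s), quotes = 0;
    for (const char *c = s; *c; c++) if (*c == '\'') quotes++;
    char *out = malloc(n + 2 + quotes * 3 + 1);
    char *o = out;
    *o++ = '\'';
    for (const char *c = s; *c; c++) {
        if (*c == '\'') { memcpy(o, "'\\''", 4); o += 4; }
        else *o++ = *c;
    }
    *o++ = '\'';
    *o = '\0';
    return out;
}

/* Return 1 if "NAME=value" (or a bare "NAME") has a name that eval can
 * re-import, 0 otherwise. An empty name ("=value") is rejected too. */
int export_entry_is_safe(const char *entry) {
    const char *r = endofname(entry);
    const char *p = strchr(entry, '=');
    if (r == entry) return 0;          /* empty name or invalid first char */
    if (p == NULL) return *r == '\0';  /* bare name: whole string is a name */
    return p == r;                     /* name must end exactly at the '=' */
}

/* Build the `export NAME='value'` line for an entry, or return NULL if
 * the entry must be skipped. Caller frees. */
char *format_export_line(const char *entry) {
    if (!export_entry_is_safe(entry)) return NULL;
    const char *p = strchr(entry, '=');
    char *line;
    if (p == NULL) {                   /* exported but unset: no value part */
        line = malloc(7 + strlen(entry) + 1);
        sprintf(line, "export %s", entry);
    } else {
        char *q = shell_quote(p + 1);
        int namelen = (int)(p - entry);
        line = malloc(7 + namelen + 1 + strlen(q) + 1);
        sprintf(line, "export %.*s=%s", namelen, entry, q);
        free(q);
    }
    return line;
}

int main(void) {
    /* Constructed environment block, including the names from the mail. */
    const char *env[] = {
        "PATH=/usr/bin:/bin",
        "test_test=test",
        "test-test=test",          /* '-' is not a name character */
        "x; echo INJECTED; y=1",   /* eval would run `echo INJECTED` */
        "=anonymous",              /* empty name */
        "1abc=digit first",        /* names may not start with a digit */
        "MSG=it's quoted",         /* value needs quoting */
        "EXPORTED_UNSET",          /* exported, no value */
        NULL
    };
    for (const char **e = env; *e; e++) {
        char *line = format_export_line(*e);
        if (line) { puts(line); free(line); }
        else fprintf(stderr, "skipped: %s\n", *e);
    }
    return 0;
}
```

The three-state split in export_entry_is_safe is the point of the example: a name that ends before the `=` (the `test-test` and `x; echo ...` cases), a name that never starts (`=value`, `1abc`), and a bare exported name must each be handled, because the first two can both put attacker-chosen text before the `=` on a line that eval will execute.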