diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2012-02-25 15:35:18 +0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2012-02-25 15:35:18 +0800 |
commit | 46d3c1a614f11f0d40a7e73376359618ff07abcd (patch) | |
tree | 889c7ccdf81c2559c784158333664fa14217b344 /src | |
parent | [SHELL] Add top-level autogen.sh (diff) | |
download | dash-46d3c1a614f11f0d40a7e73376359618ff07abcd.tar.gz dash-46d3c1a614f11f0d40a7e73376359618ff07abcd.zip |
[VAR] Sanitise environment variable names on entry
On Tue, Feb 14, 2012 at 10:48:48AM +0000, harald@redhat.com wrote: > > "export -p" prints all environment variables, without checking if the > environment variable is a valid dash variable name. > > IMHO, the only valid usecase for "export -p" is to eval the output. > > $ eval $(export -p); echo OK > OK > > Without this patch the following test does error out with: > > test.py: > import os > os.environ["test-test"]="test" > os.environ["test_test"]="test" > os.execv("./dash", [ './dash', '-c', 'eval $(export -p); echo OK' ]) > > $ python test.py > ./dash: 1: export: test-test: bad variable name > > Of course the results can be more evil, if the environment variable > name is crafted, that it injects valid shell code. This patch fixes the issue by sanitising all environment variable names upon entry into the shell. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'src')
-rw-r--r-- | src/var.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/var.c b/src/var.c index 027beff..dc90249 100644 --- a/src/var.c +++ b/src/var.c @@ -136,7 +136,8 @@ INIT { initvar(); for (envp = environ ; *envp ; envp++) { - if (strchr(*envp, '=')) { + p = endofname(*envp); + if (p != *envp && *p == '=') { setvareq(*envp, VEXPORT|VTEXTFIXED); } } |