BASH PATCH REPORT ================= Bash-Release: 4.1 Patch-ID: bash41-012 Bug-Reported-by: Stephane Chazelas Bug-Reference-ID: Bug-Reference-URL: Bug-Description: Under certain circumstances, bash will execute user code while processing the environment for exported function definitions. Patch (apply with `patch -p0'): *** ../bash-4.1.11/builtins/common.h 2009-12-22 16:30:42.000000000 -0500 --- builtins/common.h 2014-09-16 19:27:38.000000000 -0400 *************** *** 36,39 **** --- 36,41 ---- /* Flags for describe_command, shared between type.def and command.def */ + #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */ + #define SEVAL_ONECMD 0x100 /* only allow a single command */ #define CDESC_ALL 0x001 /* type -a */ #define CDESC_SHORTDESC 0x002 /* command -V */ *** ../bash-4.1.11/builtins/evalstring.c 2009-10-17 21:18:50.000000000 -0400 --- builtins/evalstring.c 2014-09-16 19:27:38.000000000 -0400 *************** *** 262,265 **** --- 262,273 ---- struct fd_bitmap *bitmap; + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def) + { + internal_warning ("%s: ignoring function definition attempt", from_file); + should_jump_to_top_level = 0; + last_result = last_command_exit_value = EX_BADUSAGE; + break; + } + bitmap = new_fd_bitmap (FD_BITMAP_SIZE); begin_unwind_frame ("pe_dispose"); *************** *** 322,325 **** --- 330,336 ---- dispose_fd_bitmap (bitmap); discard_unwind_frame ("pe_dispose"); + + if (flags & SEVAL_ONECMD) + break; } } *** ../bash-4.1.11/variables.c 2010-03-26 12:15:39.000000000 -0400 --- variables.c 2014-09-16 19:27:38.000000000 -0400 *************** *** 348,357 **** strcpy (temp_string + char_index + 1, string); ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST); ! ! /* Ancient backwards compatibility. Old versions of bash exported ! functions like name()=() {...} */ ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(') ! name[char_index - 2] = '\0'; if (temp_var = find_function (name)) --- 348,355 ---- strcpy (temp_string + char_index + 1, string); ! /* Don't import function names that are invalid identifiers from the ! environment. */ ! if (legal_identifier (name)) ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); if (temp_var = find_function (name)) *************** *** 362,369 **** else report_error (_("error importing function definition for `%s'"), name); - - /* ( */ - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0') - name[char_index - 2] = '('; /* ) */ } #if defined (ARRAY_VARS) --- 360,363 ---- *** ../bash-4.1-patched/patchlevel.h 2009-10-01 16:39:22.000000000 -0400 --- patchlevel.h 2010-01-14 09:38:08.000000000 -0500 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 11 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 12 #endif /* _PATCHLEVEL_H_ */