oss-sec mailing list archives

Re: Array importing in bash 4.3


From: Florian Weimer <fweimer () redhat com>
Date: Mon, 29 Sep 2014 19:55:42 +0200

On 09/29/2014 05:47 PM, Kobrin, Eric wrote:
> This code also reveals a difference from the function export code.
>
> The ARRAY_EXPORT code frees temp_string after using it. The function export code mallocs, but never frees it. That behavior predates the recent patches.

That's because parse_and_execute takes ownership of the string by default. See the comment in builtins/evalstring.c:

/* Parse and execute the commands in STRING.  Returns whatever
   execute_command () returns.  This frees STRING.  FLAGS is a
   flags word; look in common.h for the possible values.  Actions
   are:
        (flags & SEVAL_NONINT) -> interactive = 0;
        (flags & SEVAL_INTERACT) -> interactive = 1;
        (flags & SEVAL_NOHIST) -> call bash_history_disable ()
        (flags & SEVAL_NOFREE) -> don't free STRING when finished
        (flags & SEVAL_RESETLINE) -> reset line_number to 1
*/


--
Florian Weimer / Red Hat Product Security
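
Added example, not part of the original message or of bash's source: a small C model of the ownership convention the quoted comment documents. DEMO_NOFREE, demo_consume and the three caller functions are hypothetical stand-ins (for SEVAL_NOFREE and parse_and_execute); the allocation counter shows which caller patterns stay balanced and which one leaks.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_NOFREE 0x1      /* hypothetical flag, modelled on SEVAL_NOFREE */

static int live_allocs = 0;  /* buffers allocated and not yet freed */

static char *tracked_dup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) abort();
    strcpy(p, s);
    live_allocs++;
    return p;
}

static void tracked_free(char *p) {
    if (p != NULL) { free(p); live_allocs--; }
}

/* Stand-in consumer: owns STRING unless DEMO_NOFREE is set. */
static size_t demo_consume(char *string, int flags) {
    size_t len = strlen(string);          /* "use" the string */
    if ((flags & DEMO_NOFREE) == 0)
        tracked_free(string);             /* ownership was transferred */
    return len;
}

/* Each caller returns the change in live_allocs: 0 = balanced, 1 = leak. */
int caller_hands_over(const char *def) {  /* malloc, pass, never free */
    int before = live_allocs;
    char *tmp = tracked_dup(def);
    demo_consume(tmp, 0);                 /* tmp is dangling from here on */
    return live_allocs - before;
}

int caller_keeps_ownership(const char *def) {
    int before = live_allocs;
    char *tmp = tracked_dup(def);
    demo_consume(tmp, DEMO_NOFREE);
    tracked_free(tmp);                    /* caller's job under NOFREE */
    return live_allocs - before;
}

int caller_forgets_free(const char *def) { /* NOFREE without a free: leak */
    int before = live_allocs;
    demo_consume(tracked_dup(def), DEMO_NOFREE);
    return live_allocs - before;
}

int main(void) {
    const char *def = "f () { return 0; }";  /* constructed sample input */
    printf("%d %d %d\n", caller_hands_over(def),
           caller_keeps_ownership(def), caller_forgets_free(def));
    return 0;
}
```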

