oss-sec mailing list archives
Re: Array importing in bash 4.3
From: "Kobrin, Eric" <ekobrin () akamai com>
Date: Mon, 29 Sep 2014 22:41:29 -0500
On Sep 29, 2014, at 1:55 PM, Florian Weimer <fweimer () redhat com> wrote:
On 09/29/2014 05:47 PM, Kobrin, Eric wrote:This code also reveals a difference from the function export code. The ARRAY_EXPORT code frees temp_string after using it. The function export code mallocs, but never frees it. That behavior predates the recent patches.That's because parse_and_execute takes ownership of the string by default. See the comment in builtins/evalstring.c:
I did miss that comment. Assuming that parse_and_execute operates as expected, the memory doesn't leak so long as parse_and_execute is invoked. How do you feel about changing from this: if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname))) parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); to this? (please forgive style gaffes) if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname))) { parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); } else { FREE(temp_string); } -- Eric Kobrin
Current thread:
- Re: Fwd: Non-upstream patches for bash, (continued)
- Re: Fwd: Non-upstream patches for bash Marc Deslauriers (Sep 25)
- Re: [security-vendor] Re: [oss-security] Fwd: Non-upstream patches for bash Mark Hatle (Sep 26)
- Re: Fwd: Non-upstream patches for bash cve-assign (Sep 25)
- Re: Fwd: Non-upstream patches for bash Hanno Böck (Sep 26)
- Re: Non-upstream patches for bash Ángel González (Sep 26)
- Re: Re: Non-upstream patches for bash John Haxby (Sep 26)
- Re: Re: Non-upstream patches for bash Ángel González (Sep 26)
- Re: Re: Non-upstream patches for bash John Haxby (Sep 26)
- Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Florian Weimer (Sep 29)
- Re: Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Kobrin, Eric (Sep 29)
- Re: Array importing in bash 4.3 Florian Weimer (Sep 29)
- Re: Array importing in bash 4.3 Kobrin, Eric (Sep 29)
- Re: Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Kobrin, Eric (Sep 29)
- Re: Array importing in bash 4.3 Chet Ramey (Sep 29)
- Re: Fwd: Non-upstream patches for bash Marc Deslauriers (Sep 25)