Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Sep 2014 22:41:29 -0500
From: "Kobrin, Eric" <ekobrin@...mai.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Array importing in bash 4.3

On Sep 29, 2014, at 1:55 PM, Florian Weimer <fweimer@...hat.com> wrote:

> On 09/29/2014 05:47 PM, Kobrin, Eric wrote:
>> This code also reveals a difference from the function export code.
>> 
>> The ARRAY_EXPORT code frees temp_string after using it. The function export code mallocs, but never frees it. That behavior predates the recent patches.
> 
> That's because parse_and_execute takes ownership of the string by 
> default.  See the comment in builtins/evalstring.c:


I did miss that comment. Assuming that parse_and_execute operates as expected, the memory doesn't leak so long as parse_and_execute is invoked.

How do you feel about changing from this:

   if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
     parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);

to this? (please forgive style gaffes)

   if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
   {
     parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
   }
   else
   {
     FREE(temp_string);
   }

-- Eric Kobrin

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.