bug-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Bug in syntax checking causes unintended running of a function

From: dnade.ext
Subject: RE: Bug in syntax checking causes unintended running of a function
Date: Thu, 21 Apr 2016 07:40:16 +0000

Hi

 

For the record it does not work with "fake" exported functions. I was scared this could be really bad be so I've tested this case :

 

Here is inject.py

#!/usr/bin/python -tt

import os

os.putenv('BASH_FUNC_foo%%', '''() { avg=0;

avg=((avg+6));

echo -n "This function was never called. Bash version:";

/bin/bash --version | head -1;

}''')

os.system("bash")

 

And, it happily failed:

$ python inject.py        

bash: foo: ligne 1: Erreur de syntaxe près du symbole inattendu « ( »

bash: foo: ligne 1: ` avg=((avg+6));'

bash: avertissement : foo: ignoring function definition attempt

bash: erreur lors de l'import de la définition de fonction pour « foo »

$

 

I think the shellshock mitigations have blocked the injection from happening.

Do you think these should/could be applied to all function definitions?

 

Regards.

 

            D

 

--

Damien Nadé <dnade.ext@orange.com>

Astek Sud-Est pour Orange/OF/DTSI/DSI/DSI DFY/HBX/GOT

 

From: bug-bash [mailto:bug-bash-bounces+dnade.ext=orange.com@gnu.org] On Behalf Of David Maas
Sent: lundi 18 avril 2016 21:52
To: bug-bash@gnu.org
Subject: Bug in syntax checking causes unintended running of a function

 

Hi! I found a bug in bash, I've checked versions 4.1 (centos 6.7), 4.2 (centos 7.2), and 4.3.30 (from the ftp site). The bug is that if you do a double parenthesis math thing with the wrong syntax, the script runs the function during what I assume is syntax checking. Demonstration script is attached.


-------------- Script --------------

#!/bin/bash

#Should be avg=((avg+6))


function neverrunme
{
    avg=0
    avg=(($avg+6))
    echo -n "This function was never called. Bash version:"
    /bin/bash --version | head -1
}

echo "Welcome to this demonstration."

-------------- Output --------------

[dm5284@juphub ~]$ ./test-file.sh
./test-file.sh: line 7: syntax error near unexpected token `('
./test-file.sh: line 7: `    avg=(($avg+6))'
This function was never called. Bash version:GNU bash, version 4.2.46(1)-release (x86_64-redhat-linux-gnu)
./test-file.sh: line 10: syntax error near unexpected token `}'
./test-file.sh: line 10: `}'

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]