From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/gentoo-functions:master commit in: /
Date: Sun, 12 Feb 2023 18:53:11 +0000 (UTC) [thread overview]
Message-ID: <1676225541.b654697f3d39014e4600ec5f314a7e94a0637c26.sam@gentoo> (raw)
commit: b654697f3d39014e4600ec5f314a7e94a0637c26
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Sun Feb 12 09:14:13 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 12 18:12:21 2023 +0000
URL: https://gitweb.gentoo.org/proj/gentoo-functions.git/commit/?id=b654697f
Prevent code injection and naming conflicts in yesno()
Currently, the yesno() function works by first trying to match the first
argument against a series of patterns that would reasonably indicate a
truthful or falseful value. If it fails to do so, it proceeds to treat
the argument as if it were a name reference. However, it does so without
bothering to check whether its value could be a legal variable name in
the first place, which is extremely dangerous! Below is a trivial
example of a code injection.
$ . ./functions.sh
$ untrusted_input='_; echo "you just got pwned"'
$ yesno "$untrusted_input"
you just got pwned
Frankly, I think the name dereferencing is a monumental anti-feature and
would urge that it be removed. However, it is beyond my purview to make
such a decision. Instead, add a check to ensure that the name appears to
be a valid one before calling upon eval. Here is the same test, as
conducted against the new implementation.
$ yesno "$untrusted_input"
$ echo $?
1
$ EINFO_VERBOSE=1
$ yesno "$untrusted_input"
* Invalid argument given to yesno (expected a boolean-like or a legal name)
Another issue with allowing for name dereferencing is that, by its very
nature, it is anethema to the use of the (non-standard) local builtin.
Here is a concrete example of the prior implementation producing a bogus
warning and returning the wrong exit status value entirely.
$ value=yes
$ yesno value
* $value is not set properly
$ echo $?
1
Compare and contrast to the new implementation, which works correctly.
$ yesno value
$ echo $?
0
This has been accomplished by eradicating the use of local. Now only the
first positional parameter and _ are ever assigned to, with the latter
variable being used a loop iterator. This is rather unconventional but
is, nevertheless, safe. Although _ is a special variable, its value
will not normally be affected by the shell until the enclosing compound
command has concluded. Further, any conforming implementation of sh(1)
is able to use a for loop to assign to it.
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
functions.sh | 39 +++++++++++++++++++++++++--------------
1 file changed, 25 insertions(+), 14 deletions(-)
diff --git a/functions.sh b/functions.sh
index 6ad22f3..7882113 100644
--- a/functions.sh
+++ b/functions.sh
@@ -47,20 +47,31 @@ eoutdent()
#
yesno()
{
- [ -z "$1" ] && return 1
-
- case "$1" in
- [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0;;
- [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1;;
- esac
-
- local value=
- eval "value=\$${1}"
- case "$value" in
- [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0;;
- [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1;;
- *) vewarn "\$$1 is not set properly"; return 1;;
- esac
+ for _ in 1 2; do
+ case $1 in
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ return 1
+ ;;
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ return 0
+ esac
+ if [ "$_" -gt 1 ]; then
+ ! break
+ else
+ # Using eval can be very dangerous. Check whether the
+ # value is a legitimate variable name before proceeding
+ # to treat it as one.
+ (
+ LC_ALL=C
+ case $1 in
+ ''|_|[[:digit:]]*|*[!_[:alnum:]]*) exit 1
+ esac
+ ) || ! break
+ # Treat the value as a nameref then try again.
+ eval "set -- \"\$$1\""
+ fi
+ done || vewarn "Invalid argument given to yesno (expected a boolean-like or a legal name)"
+ return 1
}
#
next reply other threads:[~2023-02-12 18:53 UTC|newest]
Thread overview: 281+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-12 18:53 Sam James [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-10-05 7:25 [gentoo-commits] proj/gentoo-functions:master commit in: / Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-10-05 4:15 Sam James
2024-08-11 10:23 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-11 10:11 Sam James
2024-08-05 20:39 Sam James
2024-08-05 20:39 Sam James
2024-08-05 2:03 Sam James
2024-08-05 2:02 Sam James
2024-08-05 2:02 Sam James
2024-08-05 2:02 Sam James
2024-08-05 2:02 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-08-02 23:14 Sam James
2024-07-08 3:00 Sam James
2024-07-08 2:31 Sam James
2024-07-08 2:31 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-07-07 5:55 Sam James
2024-06-25 4:06 Sam James
2024-06-25 4:06 Sam James
2024-06-25 4:06 Sam James
2024-06-25 4:06 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-06-21 13:14 Sam James
2024-05-24 6:05 Sam James
2024-05-24 1:18 Sam James
2024-05-24 1:18 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-22 1:12 Sam James
2024-05-19 15:27 Sam James
2024-05-19 15:27 Sam James
2024-05-19 15:27 Sam James
2024-05-19 15:27 Sam James
2024-05-18 16:07 Sam James
2024-05-18 16:06 Sam James
2024-05-18 16:06 Sam James
2024-05-18 15:34 Sam James
2024-05-18 15:32 Sam James
2024-05-18 15:32 Sam James
2024-05-18 14:04 Sam James
2024-05-18 14:04 Sam James
2024-05-18 14:04 Sam James
2024-05-18 14:04 Sam James
2024-05-18 14:04 Sam James
2024-05-18 14:04 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-17 4:03 Sam James
2024-05-15 10:28 Sam James
2024-05-15 10:28 Sam James
2024-05-14 0:18 Sam James
2024-05-14 0:15 Sam James
2024-05-14 0:12 Sam James
2024-05-14 0:12 Sam James
2024-05-14 0:08 Sam James
2024-05-14 0:08 Sam James
2024-05-14 0:05 Sam James
2024-05-14 0:05 Sam James
2024-05-14 0:05 Sam James
2024-05-14 0:05 Sam James
2024-05-14 0:05 Sam James
2024-02-16 21:35 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-11 16:47 Sam James
2023-06-10 7:23 Sam James
2023-06-10 7:23 Sam James
2023-06-10 6:04 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-10 4:22 Sam James
2023-06-09 11:17 Sam James
2023-06-09 11:11 Sam James
2023-06-09 11:02 Sam James
2023-06-09 11:02 Sam James
2023-06-09 11:02 Sam James
2023-06-09 11:02 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-06-07 11:13 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-19 16:14 Sam James
2023-02-17 7:44 Sam James
2023-02-17 7:44 Sam James
2023-02-17 7:44 Sam James
2023-02-17 1:33 Sam James
2023-02-17 1:33 Sam James
2023-02-17 1:33 Sam James
2023-02-15 8:18 Sam James
2023-02-15 7:48 Sam James
2023-02-15 7:46 Sam James
2023-02-15 7:46 Sam James
2023-02-15 7:46 Sam James
2023-02-15 7:46 Sam James
2023-02-15 7:46 Sam James
2023-02-15 7:46 Sam James
2023-02-15 2:24 Sam James
2023-02-15 2:24 Sam James
2023-02-15 2:24 Sam James
2023-02-14 3:40 Sam James
2023-02-14 3:40 Sam James
2023-02-14 3:40 Sam James
2023-02-14 3:40 Sam James
2023-02-14 0:09 Sam James
2023-02-14 0:09 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-13 21:37 Sam James
2023-02-12 18:53 Sam James
2023-02-12 6:53 Sam James
2023-02-12 6:53 Sam James
2023-02-12 6:53 Sam James
2023-02-11 1:43 Sam James
2023-02-11 1:43 Sam James
2023-02-10 6:09 Sam James
2023-02-10 6:09 Sam James
2023-02-10 6:09 Sam James
2023-02-09 3:54 Sam James
2023-02-09 3:54 Sam James
2023-02-08 3:37 Sam James
2023-02-08 1:06 Sam James
2023-02-08 0:03 Sam James
2023-02-08 0:03 Sam James
2023-02-07 23:47 Sam James
2023-02-07 23:42 Sam James
2023-02-07 23:42 Sam James
2023-02-07 23:42 Sam James
2023-02-07 23:42 Sam James
2023-02-07 1:08 Sam James
2023-02-07 1:08 Sam James
2023-02-06 13:47 Sam James
2023-02-06 4:32 Sam James
2023-02-06 4:23 Sam James
2023-02-06 4:19 Sam James
2023-02-06 4:10 Sam James
2023-02-06 4:10 Sam James
2023-02-06 3:59 Sam James
2023-02-06 3:59 Sam James
2023-02-06 3:59 Sam James
2022-07-30 5:48 Sam James
2022-07-29 2:03 Sam James
2022-07-29 2:03 Sam James
2022-07-29 2:03 Sam James
2021-08-30 21:14 Mike Gilbert
2021-08-30 21:14 Mike Gilbert
2020-11-19 18:20 Mike Gilbert
2020-11-19 18:20 Mike Gilbert
2020-11-19 18:20 Mike Gilbert
2020-01-26 23:19 Mike Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1676225541.b654697f3d39014e4600ec5f314a7e94a0637c26.sam@gentoo \
--to=sam@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox