[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Array importing in bash 4.3
From: "Kobrin, Eric" <ekobrin () akamai ! com>
Date: 2014-09-30 3:41:29
Message-ID: 83670BE1-1FB4-4552-9404-7707C66233F2 () akamai ! com
[Download RAW message or body]
On Sep 29, 2014, at 1:55 PM, Florian Weimer <fweimer@redhat.com> wrote:
> On 09/29/2014 05:47 PM, Kobrin, Eric wrote:
> > This code also reveals a difference from the function export code.
> >
> > The ARRAY_EXPORT code frees temp_string after using it. The function export code mallocs, \
> > but never frees it. That behavior predates the recent patches.
>
> That's because parse_and_execute takes ownership of the string by
> default. See the comment in builtins/evalstring.c:
I did miss that comment. Assuming that parse_and_execute operates as expected, the memory \
doesn't leak so long as parse_and_execute is invoked.
How do you feel about changing from this:
if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
parse_and_execute (temp_string, tname, \
SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
to this? (please forgive style gaffes)
if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
{
parse_and_execute (temp_string, tname, \
SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD); }
else
{
FREE(temp_string);
}
-- Eric Kobrin=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic