Context Navigation

bash-4.2-disable-function-imports.patch @ 2619

Last change on this file since 2619 was 2619, checked in by andersk, 10 years ago
bash: Disable function imports The upstream fix for CVE-2014-6271 isn’t good enough. Furthermore, even if they were completely fixed to operate as intended, they are still a bad idea to begin with. Disable this feature entirely.
File size: 497 bytes

diff --git a/variables.c b/variables.c
index cdc54bc..74f3a8c 100644

  initialize_shell_variables (env, privmode)
       /* If exported function, define it now.  Don't import functions from
          the environment in privileged mode. */
       if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+      if (0)
+        {
           string_length = strlen (string);
           temp_string = (char *)xmalloc (3 + string_length + char_index);

Note: See TracBrowser for help on using the repository browser.