Permalink
Browse files

added ifdef FUNCTION_EXPORT around function export

1 parent b64a0e1 commit 7caac6ee41f645fc21b6e5eddc820151f6e6c43c @ekobrin ekobrin committed Sep 25, 2014
Showing with 2 additions and 0 deletions.
  1. +2 −0 variables.c
View
@@ -351,6 +351,7 @@ initialize_shell_variables (env, privmode)
the environment in privileged mode. */
if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
{
+#ifdef FUNCTION_EXPORT
string_length = strlen (string);
temp_string = (char *)xmalloc (3 + string_length + char_index);
@@ -379,6 +380,7 @@ initialize_shell_variables (env, privmode)
last_command_exit_value = 1;
report_error (_("error importing function definition for `%s'"), name);
}
+#endif /* FUNCTION_EXPORT */
}
#if defined (ARRAY_VARS)
# if ARRAY_EXPORT

2 comments on commit 7caac6e

@ekobrin
Contributor

This is emergency patch for today's vulnerability which makes function forwarding conditional on the compile-time switch "FUNCTION_EXPORT". We're using it for systems that can't be switched to the Almquist Shell. In the hope that it's useful to others, and for public review, we've posted the patch here. Note that it does not update documentation or anything other than the single affected block.

@ekobrin
Contributor
ekobrin commented on 7caac6e Oct 1, 2014

If you want to pick up the upstream shellshock patches through 27 as well, see: 7caac6e~1...no-function-forward

If you want to add the FUNCTION_EXPORT ifdef to an already up-to-date bash, see: master...no-function-forward

Please sign in to comment.