Message-ID: <20031027164026.GA1165865@ohm.arago.de>
From: full-disclosure at arago.de (Thomas Binder)
Subject: sh-httpd `wildcard character' vulnerability

Hi!

On Mon, Oct 27, 2003 at 10:42:45PM +0800, dong-h0un U wrote:
> [...]
> bname() {
> local IFS='/'
> - set -- $1
> + set -- "$1"
> eval rc="\$$#"
> [ "$rc" = "" ] && eval rc="\$$(($# - 1))"
> echo "$rc"

Mhmm, doesn't that break things, as $# will always be 1 if you do

  set -- "$some_variable"

no matter how many instances of $IFS there are in $some_variable:

  $ foo="/a/b/c/d"
  $ IFS='/'
  $ set -- "$foo"
  $ echo $#
  1
  $ echo "$1"
  a/b/c/d

Actually, $# should be 4 and $1 should be "a"

I'd rather suggest using

  set -f
  set -- $some_variable
  set +f

to disable wildcard expansion for the set-statement:

  $ foo="/var/tmp/*"
  $ IFS='/'
  $ set -f
  $ set $foo
  $ set +f
  $ echo $#
  3
  $ echo "1: $2, 2: $2, 3: $3"
  1: tmp, 2: tmp, 3: *

Ciao

Thomas
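
Review bot: quoting the argument in the added line set -- "$1" switches off field splitting on IFS='/' together with pathname expansion, so $# is always 1 and eval rc="\$$#" yields the whole path instead of its last component; bname() no longer returns a basename. Keep set -- $1 unquoted and bracket it with set -f and set +f, so that only wildcard expansion is disabled. With the quoted form an empty argument also leaves rc empty, and the fallback eval rc="\$$(($# - 1))" then reads $0, which deserves a guard of its own.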
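
The three forms of bname() discussed in this thread, side by side, as an added example that is not part of the original message or of sh-httpd. The helper run_in_scratch and the files alpha and beta are constructed for the demonstration; the function bodies use subshells and ${N} where the thread's code uses local and $N.

```shell
#!/bin/sh
# Added example: three variants of the bname() helper discussed in this thread.
# Bodies are subshells "( ... )", so IFS and set -f changes do not leak out.

# Original: unquoted $1 is split on '/' and each field is then glob-expanded.
bname_orig() (
    IFS='/'
    set -- $1
    eval "rc=\${$#}"                      # braces keep positions above 9 valid
    [ "$rc" = "" ] && eval "rc=\${$(($# - 1))}"
    printf '%s\n' "$rc"
)

# Proposed patch: quoting stops globbing but also stops splitting, so $# is 1.
bname_quoted() (
    IFS='/'
    set -- "$1"
    eval "rc=\${$#}"
    [ "$rc" = "" ] && eval "rc=\${$(($# - 1))}"
    printf '%s\n' "$rc"
)

# Reply's suggestion: keep the splitting, switch pathname expansion off.
bname_noglob() (
    IFS='/'
    set -f
    set -- $1
    set +f
    eval "rc=\${$#}"
    [ "$rc" = "" ] && eval "rc=\${$(($# - 1))}"
    printf '%s\n' "$rc"
)

# Run one variant ($1) on one path ($2) from inside a scratch directory holding
# two constructed files, so a stray '*' field has something to match.
run_in_scratch() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" && : > alpha && : > beta
    out=$("$1" "$2")
    cd / && rm -rf "$dir"
    printf '%s\n' "$out"
)

for f in bname_orig bname_quoted bname_noglob; do
    printf '%-13s %-10s -> %s\n' "$f" '/docs/*' "$(run_in_scratch "$f" '/docs/*')"
    printf '%-13s %-10s -> %s\n' "$f" '/a/b/c/d' "$(run_in_scratch "$f" '/a/b/c/d')"
done
```

The '*' field is matched against the current working directory of the shell, not against the directory named in the path, which is why the original form returns a file name from the scratch directory.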