Skip to content

Commit

Permalink
Fix arbitrary code execution in printf invocation
Browse files Browse the repository at this point in the history 
Without `--`, printf might continue searching for options.

A known exploit is shown in http://wiki.bash-hackers.org/commands/builtin/printf#options.
  • Loading branch information
@Artoria2e5
Artoria2e5 authored Sep 16, 2016
1 parent 459f98d commit b597667
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions quinedb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,18 +14,18 @@ print_db(){
echo "db=("
i=0
for k in "${!db[@]}"; do
escaped_keys[$i]=$(printf %q "$k")
escaped_keys[$i]=$(printf %q -- "$k")
i=$((i+1))
done

# sort the keys for deterministic printing
IFS=$'\n' sorted=($(printf '%s' "${escaped_keys[*]}" | sort))
IFS=$'\n' sorted=($(printf '%s' -- "${escaped_keys[*]}" | sort))
unset IFS

for k in "${sorted[@]}"; do
unescaped=$(eval "echo $k")
v=${db["$unescaped"]}
echo " [$k]=$(printf %q "$v")"
echo " [$k]=$(printf %q -- "$v")"
done
echo ")"
}
Expand All @@ -47,18 +47,18 @@ print_db(){
echo "db=("
i=0
for k in "${!db[@]}"; do
escaped_keys[$i]=$(printf %q "$k")
escaped_keys[$i]=$(printf %q -- "$k")
i=$((i+1))
done
# sort the keys for deterministic printing
IFS=$'\n' sorted=($(printf '%s' "${escaped_keys[*]}" | sort))
IFS=$'\n' sorted=($(printf '%s' -- "${escaped_keys[*]}" | sort))
unset IFS
for k in "${sorted[@]}"; do
unescaped=$(eval "echo $k")
v=${db["$unescaped"]}
echo " [$k]=$(printf %q "$v")"
echo " [$k]=$(printf %q -- "$v")"
done
echo ")"
}
Expand Down Expand Up @@ -89,7 +89,7 @@ case "$1" in
"get")
if [ "${db["$2"]+_}" ]; then
v=${db["$2"]}
echo "$(printf %q "$v")" >&2
echo "$(printf %q -- "$v")" >&2
fi
;;
"set")
Expand All @@ -101,7 +101,7 @@ case "$1" in
echo 'OK' >&2
;;
"keys")
for k in "${!db[@]}"; do echo "$(printf %q "$k")"; done >&2
for k in "${!db[@]}"; do echo "$(printf %q -- "$k")"; done >&2
;;
*)
echo "USAGE: quinedb [get k | set k v | delete k | keys]" >&2
Expand Down Expand Up @@ -135,7 +135,7 @@ case "$1" in
"get")
if [ "${db["$2"]+_}" ]; then
v=${db["$2"]}
echo "$(printf %q "$v")" >&2
echo "$(printf %q -- "$v")" >&2
fi
;;
"set")
Expand All @@ -147,7 +147,7 @@ case "$1" in
echo 'OK' >&2
;;
"keys")
for k in "${!db[@]}"; do echo "$(printf %q "$k")"; done >&2
for k in "${!db[@]}"; do echo "$(printf %q -- "$k")"; done >&2
;;
*)
echo "USAGE: quinedb [get k | set k v | delete k | keys]" >&2
Expand Down

0 comments on commit b597667

Please sign in to comment.