
Re: [Full-Disclosure] sh-httpd `wildcard character' vulnerability



Hi!

On Mon, Oct 27, 2003 at 10:42:45PM +0800, dong-h0un U wrote:
> [...]
>  bname() {
>         local IFS='/'
> -       set -- $1
> +       set -- "$1"
>         eval rc="\$$#"
>         [ "$rc" = "" ] && eval rc="\$$(($# - 1))"
>         echo "$rc"
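
Review bot: Quoting the argument in `set -- "$1"` suppresses pathname expansion but also suppresses the IFS='/' field splitting that the rest of bname() relies on, so `$#` is always 1 and `eval rc="\$$#"` returns the whole path instead of its last component. Keep the unquoted `set -- $1` and turn globbing off around it with `set -f` / `set +f`, so the argument is still split on '/' but no field is matched against file names.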

Mhmm, doesn't that break things, as $# will always be 1 if you do

set -- "$some_variable"

no matter how many instances of $IFS there are in $some_variable:

$ foo="/a/b/c/d"
$ IFS='/'
$ set -- "$foo"
$ echo $#
1
$ echo "$1"
a/b/c/d

Actually, $# should be 4 and $1 should be "a"

I'd rather suggest using

set -f
set -- $some_variable
set +f

to disable wildcard expansion for the set-statement:

$ foo="/var/tmp/*"
$ IFS='/'
$ set -f
$ set $foo
$ set +f
$ echo $#
3
$ echo "1: $2, 2: $2, 3: $3"
1: tmp, 2: tmp, 3: *


Ciao

Thomas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
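
The behaviour discussed in this message, as an added example that is not part of the original post or of sh-httpd: the unpatched bname() next to a variant using the suggested `set -f`. The names `bname_unsafe`, `bname_safe`, `in_sandbox` and the sandbox file names are constructed for illustration; the example goes slightly beyond the thread by using a subshell body instead of `local` (so IFS and noglob never leak to the caller) and `${N}` so paths with ten or more components work.

```shell
#!/bin/sh
# Unpatched form from the quoted hunk: $1 is split on '/' and every
# resulting field is then subject to pathname expansion in the cwd.
bname_unsafe() (
    IFS='/'
    set -- $1
    eval rc="\$$#"
    [ "$rc" = "" ] && eval rc="\$$(($# - 1))"
    echo "$rc"
)

# Variant with globbing disabled. The ( ) body runs in a subshell, so
# the IFS change and 'set -f' are discarded when the function returns.
bname_safe() (
    IFS='/'
    set -f                      # noglob: still split, never expanded
    set -- $1
    [ "$#" -eq 0 ] && { echo ""; exit 0; }   # empty argument
    eval "rc=\${$#}"            # braces keep $10, $11, ... correct
    [ -z "$rc" ] && [ "$#" -gt 1 ] && eval "rc=\${$(($# - 1))}"
    echo "$rc"
)

# Run "$@" inside a constructed temporary directory containing two
# files, so that a stray '*' has something to match.
in_sandbox() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" && : > alpha.txt && : > beta.txt
    "$@"
)

# Same request path, two different answers.
in_sandbox bname_unsafe '/var/tmp/*'   # last field was replaced by file names
in_sandbox bname_safe   '/var/tmp/*'   # last field stays the literal component
```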