OK, one PoC I think should look like this:

=========================
#!/bin/bash
a="1||"
b=`printf "%.s"$a {1..50000}`"1"
eval $b
=========================

This code will cause a segmentation fault. Of course, eval or printf is actually not necessary; the problem is about the "1 || 1 || .... 1" expression: the parser, in interpreting OR expressions, did not take recursive stack overflow into consideration. Will you take this as a security bug?

Regards

2017-02-15 23:27 GMT+08:00 Chet Ramey <chet.ra...@case.edu>:

> On 2/15/17 9:45 AM, Pierre Gaston wrote:
> > I'm re-adding the list.
> >
> > On Wed, Feb 15, 2017 at 4:34 PM, kkk K <3n4t...@gmail.com
> > <mailto:3n4t...@gmail.com>> wrote:
> >
> >     What If I find a bug bypassing the FUNCNEST limitation ?
> >     I mean I found a bug which about some parser logic in bash,
> >     finally It will crash bash, And FUNCNEST cannot stop it from crashing
> >     bash.
> >
> >
> > I think you should feel free to submit your bug report, since the number of
> > reports is low, false reports are not a problem and you may have a genuine bug.
>
> Yes.  If you think you have found a bug, please report it.  If it's not
> a bug, we'll tell you; there's no problem.
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, UTech, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/
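
The failure class described in the message above (recursion whose depth is set by the length of an input "||" chain) and the usual defence, an explicit depth budget, shown as an added example that is not part of the original thread and not bash's source code. The node type, MAX_DEPTH, ERR_TOO_DEEP and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not bash's data structures: a leaf holds a constant,
   an OR node has two children. "1 || 1 || ... || 1" is left-associative,
   so a chain of N operators nests N levels deep through ->left. */
typedef struct node { int is_or, value; struct node *left, *right; } node;

#define MAX_DEPTH 1000      /* assumed limit, picked for this example */
#define ERR_TOO_DEEP (-1)

static node *new_node(int is_or, int value, node *l, node *r) {
    node *n = malloc(sizeof *n);
    if (!n) abort();
    n->is_or = is_or; n->value = value; n->left = l; n->right = r;
    return n;
}

/* Build the tree for "1 || 1 || ..." with `ops` operators, without recursion. */
node *build_or_chain(int ops) {
    node *root = new_node(0, 1, NULL, NULL);
    for (int i = 0; i < ops; i++)
        root = new_node(1, 0, root, new_node(0, 1, NULL, NULL));
    return root;
}

/* Recursive evaluation with an explicit depth budget: input that nests too
   deeply is rejected with an error instead of exhausting the C stack. */
int eval_guarded(const node *n, int depth) {
    if (depth > MAX_DEPTH) return ERR_TOO_DEEP;
    if (!n->is_or) return n->value != 0;
    int l = eval_guarded(n->left, depth + 1);
    if (l != 0) return l;             /* true short-circuits, error propagates */
    return eval_guarded(n->right, depth + 1);
}

/* Teardown walks the left spine in a loop; a recursive free would hit the
   same depth problem. Right children are always leaves in this model. */
void free_chain(node *n) {
    while (n) { node *next = n->left; free(n->right); free(n); n = next; }
}

int main(void) {
    node *small = build_or_chain(500), *big = build_or_chain(50000);
    printf("500 ops: %d, 50000 ops: %d\n", eval_guarded(small, 0), eval_guarded(big, 0));
    free_chain(small); free_chain(big);
    return 0;
}
```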