On 5/10/15 6:52 AM, isabella parakiss wrote:
> Maybe check if the callback is a function?
The callback doesn't have to be a function. Some things might be easier
if it is, but there's no requirement.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa,
On 5/10/15 5:57 AM, isabella parakiss wrote:
> In builtins/mapfile.def there's this line:
> snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);
>
> If the callback is empty, bash runs ''
> This smells a lot like code injection.
It might smell like that, but it looks more like some
Ignore the patch, it's stupid.
Maybe check if the callback is a function?
---
xoxo iza
In builtins/mapfile.def there's this line:
snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);
If the callback is empty, bash runs ''
This smells a lot like code injection.
$ echo 'echo hello from $0' > ~/bin/0
$ chmod +x ~/bin/0
$ cp ~/bin/{0,1}
$ echo -e 'x\ny' | mapfile -c1 -C
