Full Disclosure mailing list archives

Re: sh-httpd `wildcard character' vulnerability

From: Thomas Binder <full-disclosure () arago de>
Date: Mon, 27 Oct 2003 17:40:26 +0100

Hi!

On Mon, Oct 27, 2003 at 10:42:45PM +0800, dong-h0un U wrote:

[...]
 bname() {
        local IFS='/'
-       set -- $1
+       set -- "$1"
        eval rc="\$$#"
        [ "$rc" = "" ] && eval rc="\$$(($# - 1))"
        echo "$rc"


Mhmm, doesn't that break things, as $# will always be 1 if you do

set -- "$some_variable"

no matter how many instances of $IFS there are in $some_variable:

$ foo="/a/b/c/d"
$ IFS='/'
$ set -- "$foo"
$ echo $#
1
$ echo "$1"
a/b/c/d

Actually, $# should be 4 and $1 should be "a"

I'd rather suggest using

set -f
set -- $some_variable
set +f

to disable wildcard expansion for the set-statement:

$ foo="/var/tmp/*"
$ IFS='/'
$ set -f
$ set $foo
$ set +f
$ echo $#
3
$ echo "1: $2, 2: $2, 3: $3"
1: tmp, 2: tmp, 3: *


Ciao

Thomas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

sh-httpd `wildcard character' vulnerability dong-h0un U (Oct 27)
- Re: sh-httpd `wildcard character' vulnerability Thomas Binder (Oct 27)
- Re: sh-httpd `wildcard character' vulnerability Richard Brittain (Oct 28)
  - Re: sh-httpd `wildcard character' vulnerability Dave Ahmad (Oct 28)