From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16956 invoked by alias); 6 Oct 2015 15:34:54 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 36804 Received: (qmail 21104 invoked from network); 6 Oct 2015 15:34:52 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:date:in-reply-to:comments :references:to:subject:mime-version:content-type; bh=/hAni33NiFYZ6AYZdW3xiVa1dx2Vm7CMG3dHyIzDHKo=; b=O69rOOF7cRq7Ga0vTcSBqbbz22bl+Tayi/MCwpJRH4sKWK5xUpyMnsMvxqH+9KRUDL kBQkc2DvnnUcd3YDogVvCYQsuFYLUJRsPSN4ldANFU2K61gCdXuq+uQ14Z5LowJgUj89 PcB0f1afUlLZCI44LXdVgvdCYWSPTb+GBzW5hKqkTPv5psKJFBtIN/SVJUoCmLQamd6Q ivGjR6WN0lM3CSsvidWtsc9C5opBWxAu2HfKm1HVs05hxBQeETWx/FgQnlsVRtbicPH0 o9o4RWJlniYOajkByt5wQ1o09L1T66eX46OXSRcAjpjsK6Qk92Uqt03djRZT9NWjfetZ olVA== X-Gm-Message-State: ALoCoQnPYW7lD3EYoa/0ua1PLirN8tEJmJ6YZG2LcgMGH+KIunQKDMWbf5fRMpbcCjt3jFDT9Wwz X-Received: by 10.182.117.233 with SMTP id kh9mr20739656obb.44.1444145689169; Tue, 06 Oct 2015 08:34:49 -0700 (PDT) From: Bart Schaefer Message-Id: <151006083446.ZM5523@torch.brasslantern.com> Date: Tue, 6 Oct 2015 08:34:46 -0700 In-Reply-To: <20151006101549.3664bab3@pwslap01u.europe.root.pri> Comments: In reply to Peter Stephenson "Re: syntax check of 'echo $HOME' crashes in ksh emulation mode" (Oct 6, 10:15am) References: <1693579.IilOBOKrgc@kdudka.brq.redhat.com> <20151005174219.69ae85c4@pwslap01u.europe.root.pri> <151005104507.ZM19176@torch.brasslantern.com> <20151006093357.0c7a5214@pwslap01u.europe.root.pri> <20151006101549.3664bab3@pwslap01u.europe.root.pri> X-Mailer: OpenZMail Classic (0.9.2 24April2005) To: zsh-workers@zsh.org Subject: Re: syntax check of 'echo $HOME' crashes in ksh emulation mode MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii On Oct 6, 10:15am, Peter Stephenson wrote: } } /**/ } mod_export void } assignstrvalue(Value v, char *val, int flags) } { } if (unset(EXECOPT)) } return; } } (i) Doesn't that leak val? Probably, but in no_exec state the shell can't possibly run for very long so it doesn't matter? However, every other case in assignstrvalue() has zsfree(val) so this one probably should too. Except: } (ii) It's not clear how safe the above is, as this case shows. However, } it's definitely not safe to skip the tests in assignstrvalue() either Do you mean that even for no_exec we should not be bailing out this early in assignstrvalue()? That is, we ought to be doing the tests of read-only, wrong type, invalid subscript, etc., and then bail just before removing the PM_UNSET flag? Except: } and if we run them it's doing too much work for syntax checking and is } likely to mess things up owing to previous non-execution. I don't know about too much work, but yes, some of them proceed a bit too far into semantics. } So this is all a bit nasty. (Just for once.) Does POSIX say anything about the environment in no_exec state? Maybe we should just temporarily toggle EXECOPT off during that part of the shell initialization -- we're already avoiding execution of contents of environment vars for security reasons, so it should be safe to do the imports.