From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 28767 invoked from network); 11 Nov 2023 23:33:15 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 11 Nov 2023 23:33:15 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Message-ID:Date: Content-Transfer-Encoding:Content-ID:Content-Type:MIME-Version:Subject:To: References:From:In-reply-to:cc:Reply-To:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=XMumc8QngX7BkCFDavUozaZKG9vIItifUZWK7Zq8WSI=; b=naIMkWERyyo0Y5gePt+C1Aqpnm XjliaIcR2qIERbElWq+YT81Q17BM9YFDfYNH4ruJ6Qw2WiXOayT0v1D3jAWe87aoshsg1iyaZjf5F xLRjHYLs+xyPT9ld4vKjwTLMB9TUUt3BxFNvvd2BDSH3TaXcghIlGDu8uAnWtaDCy6rclyxgx5pY8 mbPdAwAyTrhr8Zun7nIfifFyhjL+S+LTUsDKd3euLyRnvyz+u64siAavPwP/0QmflsqZ4s8veFxBJ ep+tKmS/N0AszwoVe+LwVQrONt1o4Iv2PbkoE3Od0uYzVrBf7Xlzgb/vh6JWgGy62wa9JtteGLWoq 8xgdBAMQ==; Received: by zero.zsh.org with local id 1r1xTX-000PXG-0S; Sat, 11 Nov 2023 23:33:15 +0000 Received: by zero.zsh.org with esmtpsa (TLS1.3:TLS_AES_256_GCM_SHA384:256) id 1r1xSy-000PED-4y; Sat, 11 Nov 2023 23:32:41 +0000 Received: from [192.168.178.21] (helo=hydra) by mail.kiddle.eu with esmtp(Exim 4.95) (envelope-from ) id 1r1xSw-0008zb-PK; Sun, 12 Nov 2023 00:32:39 +0100 cc: zsh-workers@zsh.org, Thomas Lauer In-reply-to: From: Oliver Kiddle References: <5792009a-ef88-428c-be93-feeaa23aad7e@app.fastmail.com> To: Ray Andrews Subject: Re: special characters in file names issue MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-ID: <34568.1699745558.1@hydra> Content-Transfer-Encoding: 8bit Date: Sun, 12 Nov 2023 00:32:38 +0100 Message-ID: <34569-1699745558.781786@JGMx.WsJC.lR_9> X-Seq: 52293 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: [ moved to -workers ] Ray Andrews wrote: > > Another hypothetical:  Since all that was added not too long ago, and since > Oliver is still kicking and could comment on the issue,  what would be the > practicalities of Thomas just hacking the code to his own satisfaction?  That > kind of solution never seems to be suggested but it would seem to be a > possibility.  Too complicated?  Too dangerous? Anyone, whether that be Thomas or yourself is always welcome to hack the code and we can discuss it here on the workers list. The "surprising" effects Roman pointed to in 29343 worry me more than the initial problem. Evaluating substitutions in the result of substitutions doesn't seem too clever from a security standpoint. The same effect occurs in other places like printf -v and likely every other builtin that takes a variable name as an argument. [[ -v ... ]] was primarily added for bash compatibility. bash and ksh93 apply expansion to what follows -v. In ksh93, however no substitutions are applied for the evaluation of the subscript. In bash, the same double substitution also occurs but only for very simple cases. Certainly I've not been able to get a command-substitution through. The patch below tries the approach of adding a SCANPM_NOSUBST flag similar to the relatively new SCANPM_NOEXEC. This doesn't entirely help the original problem where using [[ -v 'FileNameCkSum[$E]' ]] might have helped. Given that [[ ... ]] is special-cased by the parser, disabling the first substitution would perhaps be better. This does nothing for the problem with print -v and while ary=( 1 2 3 4 ); [[ -v 'ary[$(echo 2)]' ]] produces an error, [[ -v 'ary[ary[$(echo 2)]]' ]] does not. While I've included the patch for anyone interested the play with, I think I would lean in the direction of only passing SCANPM_NOEXEC. Oliver diff --git a/Src/params.c b/Src/params.c index 9f0cbcd67..e77f55104 100644 --- a/Src/params.c +++ b/Src/params.c @@ -711,7 +711,8 @@ issetvar(char *name) int slice; char **arr; - if (!(v = getvalue(&vbuf, &name, 1)) || *name) + if (!(v = fetchvalue(&vbuf, &name, 1, SCANPM_NOSUBST|SCANPM_NOEXEC)) + || *name) return 0; /* no value or more chars after the variable name */ if (v->isarr & ~SCANPM_ARRONLY) return v->end > 1; /* for extracted elements, end gives us a count */ @@ -1502,7 +1503,8 @@ getarg(char **str, int *inv, Value v, int a2, zlong *w, return 0; if (flags & SCANPM_NOEXEC) opts[EXECOPT] = 0; - singsub(&s); + if (!(flags & SCANPM_NOSUBST)) + singsub(&s); opts[EXECOPT] = exe; } else if (rev) remnulargs(s); /* This is probably always a no-op, but ... */ @@ -2207,7 +2209,8 @@ fetchvalue(Value v, char **pptr, int bracks, int flags) } if (PM_TYPE(pm->node.flags) & (PM_ARRAY|PM_HASHED)) { /* Overload v->isarr as the flag bits for hashed arrays. */ - v->isarr = flags | (isvarat ? SCANPM_ISVAR_AT : 0); + v->isarr = (flags & ~(SCANPM_NOSUBST|SCANPM_NOEXEC)) | + (isvarat ? SCANPM_ISVAR_AT : 0); /* If no flags were passed, we need something to represent * * `true' yet differ from an explicit WANTVALS. Use a * * special flag for this case. */ diff --git a/Src/zsh.h b/Src/zsh.h index a0243e98e..8d1cf8f15 100644 --- a/Src/zsh.h +++ b/Src/zsh.h @@ -1963,13 +1963,14 @@ struct tieddata { */ #define SCANPM_CHECKING (1<<10) /* Check if set, no need to create */ #define SCANPM_NOEXEC (1<<11) /* No command substitutions, etc. */ +#define SCANPM_NOSUBST (1<<14) /* No substitutions */ #define SCANPM_NONAMESPC (1<<12) /* namespace syntax not allowed */ #define SCANPM_NONAMEREF (1<<13) /* named references are not followed */ /* "$foo[@]"-style substitution * Only sign bit is significant */ -#define SCANPM_ISVAR_AT ((int)(((unsigned int)-1)<<15)) +#define SCANPM_ISVAR_AT ((int)(((unsigned int)-1)<<16)) /* * Flags for doing matches inside parameter substitutions, i.e.