summaryrefslogtreecommitdiffstats
path: root/tests/exportfunc.tests
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:38:56 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:38:56 +0000
commit6c20c8ed2cb9ab69a1a57ccb2b9b79969a808321 (patch)
treef63ce19d57fad3ac4a15bc26dbfbfa2b834111b5 /tests/exportfunc.tests
parentInitial commit. (diff)
downloadbash-upstream.tar.xz
bash-upstream.zip
Adding upstream version 5.2.15.upstream/5.2.15upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/exportfunc.tests')
-rw-r--r--tests/exportfunc.tests92
1 files changed, 92 insertions, 0 deletions
diff --git a/tests/exportfunc.tests b/tests/exportfunc.tests
new file mode 100644
index 0000000..d06b1a3
--- /dev/null
+++ b/tests/exportfunc.tests
@@ -0,0 +1,92 @@
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# normal operation
+foo()
+{
+ echo exportfunc ok 1
+}
+export -f foo
+${THIS_SH} -c foo
+unset -f foo
+foo-a ()
+{
+ echo exportfunc ok 2
+}
+export -f foo-a
+${THIS_SH} -c 'foo-a'
+
+# CVE-2014-6271
+
+env -i BASH_FUNC_foo%%='() { echo cve6271 ok; } ; echo BAD' ${THIS_SH} -c foo 2>/dev/null
+
+# CVE-2014-7169
+
+rm -f cve7169-bad
+env -i BASH_FUNC_X%%='() { (a)=>\' ${THIS_SH} -c cve7169-bad 2>/dev/null
+: < cve7169-bad
+rm -f cve7169-bad
+
+echo cve7169-bad2 > $TMPDIR/bar
+rm -f cve7169-bad2
+eval 'X() { (a)>\' ; . ./bar 2>/dev/null
+: < cve7169-bad2
+rm -f cve7169-bad2 $TMPDIR/bar
+
+# CVE-2014-7186
+${THIS_SH} ./exportfunc1.sub
+
+# CVE-2014-7187
+${THIS_SH} ./exportfunc2.sub
+
+# CVE-2014-6277
+A100=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+A1000=${A100}
+
+for (( i = 0; i < 999; i++ ))
+do
+ A1000+=${A100}
+done
+
+env BASH_FUNC_foo%%="() { 000(){>0;}&000(){ 0;}<<0 0" ${THIS_SH} -c foo 2>/dev/null
+env BASH_FUNC_foo%%="() { 000(){>0;}&000(){ 0;}<<${A1000} 0" ${THIS_SH} -c foo 2>/dev/null
+${THIS_SH} -c "f(){ x(){ _;}; x(){ _;}<<a;}" 2>/dev/null
+unset A100 A1000
+
+# CVE-2014-6278
+
+env 'BASH_FUNC_FOO%%=() { 0;}>r[0${$(}0 {>"$(id >/dev/tty)"; }' ${THIS_SH} -c : 2>/dev/null
+
+rm -f HELLO_WORLD
+env BASH_FUNC_FOO%%='() { 0;}>r[0${$(}0 {>HELLO_WORLD; }' ${THIS_SH} -c : 2>/dev/null
+: < HELLO_WORLD
+
+env BASH_FUNC_x%%='() { _;}>_[$($())] { echo vuln;}' ${THIS_SH} -c : 2>/dev/null
+
+env -i BASH_FUNC_x%%='() { _; } >_[${ $() }] { id; }' ${THIS_SH} -c : 2>/dev/null
+
+env BASH_FUNC_x%%=$'() { _;}>_[$($())]\n{ echo vuln;}' ${THIS_SH} -c : 2>/dev/null
+eval 'x() { _;}>_[$($())] { echo vuln;}' 2>/dev/null
+
+eval 'foo() { _; } >_[${ $() }] ;{ echo eval ok; }'
+
+# other tests fixed in bash43-030 concerning function name transformation
+env $'BASH_FUNC_\nfoo%%=() { echo transform-1; }' ${THIS_SH} -c foo 2>/dev/null
+env $'BASH_FUNC_foo\n%%=() { echo transform-2; }' ${THIS_SH} -c foo 2>/dev/null
+env $'BASH_FUNC_ foo %%=() { echo transform-3; }' ${THIS_SH} -c foo 2>/dev/null
+
+unset -f foo
+env $'BASH_FUNC_#badname%%'=$'() { :; }\nfoo () { echo transform-4; } ' ${THIS_SH} -c 'foo' 2>/dev/null
+
+# tests of exported names
+${THIS_SH} ./exportfunc3.sub