1 files changed, 92 insertions, 0 deletions
diff --git a/tests/exportfunc.tests b/tests/exportfunc.tests
new file mode 100644
index 0000000..d06b1a3
--- /dev/null
+++ b/tests/exportfunc.tests
@@ -0,0 +1,92 @@
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# normal operation
+foo()
+{
+	echo exportfunc ok 1
+}
+export -f foo
+${THIS_SH} -c foo
+unset -f foo
+foo-a ()
+{
+	echo exportfunc ok 2
+}
+export -f foo-a
+${THIS_SH} -c 'foo-a'
+
+# CVE-2014-6271
+
+env -i BASH_FUNC_foo%%='() { echo cve6271 ok; } ; echo BAD' ${THIS_SH} -c foo 2>/dev/null
+
+# CVE-2014-7169
+
+rm -f cve7169-bad
+env -i BASH_FUNC_X%%='() { (a)=>\' ${THIS_SH} -c cve7169-bad 2>/dev/null
+: < cve7169-bad
+rm -f cve7169-bad
+
+echo cve7169-bad2 > $TMPDIR/bar
+rm -f cve7169-bad2
+eval  'X() { (a)>\' ; . ./bar 2>/dev/null
+: < cve7169-bad2
+rm -f cve7169-bad2 $TMPDIR/bar
+
+# CVE-2014-7186
+${THIS_SH} ./exportfunc1.sub
+
+# CVE-2014-7187
+${THIS_SH} ./exportfunc2.sub
+
+# CVE-2014-6277
+A100=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+A1000=${A100}
+
+for (( i = 0; i < 999; i++ ))
+do
+	A1000+=${A100}
+done
+
+env BASH_FUNC_foo%%="() { 000(){>0;}&000(){ 0;}<<0 0" ${THIS_SH} -c foo 2>/dev/null
+env BASH_FUNC_foo%%="() { 000(){>0;}&000(){ 0;}<<${A1000} 0" ${THIS_SH} -c foo 2>/dev/null
+${THIS_SH} -c "f(){ x(){ _;}; x(){ _;}<<a;}" 2>/dev/null
+unset A100 A1000
+
+# CVE-2014-6278
+
+env 'BASH_FUNC_FOO%%=() { 0;}>r[0${$(}0 {>"$(id >/dev/tty)"; }' ${THIS_SH} -c : 2>/dev/null
+
+rm -f HELLO_WORLD
+env BASH_FUNC_FOO%%='() { 0;}>r[0${$(}0 {>HELLO_WORLD; }' ${THIS_SH} -c : 2>/dev/null
+: < HELLO_WORLD
+
+env BASH_FUNC_x%%='() { _;}>_[$($())] { echo vuln;}' ${THIS_SH} -c : 2>/dev/null
+
+env -i BASH_FUNC_x%%='() { _; } >_[${ $() }] { id; }' ${THIS_SH} -c : 2>/dev/null
+
+env BASH_FUNC_x%%=$'() { _;}>_[$($())]\n{ echo vuln;}' ${THIS_SH} -c : 2>/dev/null
+eval 'x() { _;}>_[$($())] { echo vuln;}' 2>/dev/null
+
+eval 'foo() { _; } >_[${ $() }] ;{ echo eval ok; }'
+
+# other tests fixed in bash43-030 concerning function name transformation
+env $'BASH_FUNC_\nfoo%%=() { echo transform-1; }' ${THIS_SH} -c foo 2>/dev/null
+env $'BASH_FUNC_foo\n%%=() { echo transform-2; }' ${THIS_SH} -c foo 2>/dev/null
+env $'BASH_FUNC_  foo  %%=() { echo transform-3; }' ${THIS_SH} -c foo 2>/dev/null
+
+unset -f foo
+env $'BASH_FUNC_#badname%%'=$'() { :; }\nfoo () { echo transform-4; }  ' ${THIS_SH} -c 'foo' 2>/dev/null
+
+# tests of exported names
+${THIS_SH} ./exportfunc3.sub