[git commit] hush: do not allow sh -c '{ echo boo }'

Denys Vlasenko vda.linux at googlemail.com
Mon Nov 7 15:22:35 UTC 2016


commit: https://git.busybox.net/busybox/commit/?id=4224647c8d0990f8ffb17d8481655827161a94d4
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 shell/hush.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/shell/hush.c b/shell/hush.c
index 0bc67ec..a01db9c 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -4533,12 +4533,14 @@ static struct pipe *parse_stream(char **pstring,
 				syntax_error_unterm_str("here document");
 				goto parse_error;
 			}
-			/* end_trigger == '}' case errors out earlier,
-			 * checking only ')' */
 			if (end_trigger == ')') {
 				syntax_error_unterm_ch('(');
 				goto parse_error;
 			}
+			if (end_trigger == '}') {
+				syntax_error_unterm_ch('{');
+				goto parse_error;
+			}
 
 			if (done_word(&dest, &ctx)) {
 				goto parse_error;


More information about the busybox-cvs mailing list