help-bash
Re: Verifying numeric values


From: Greg Wooledge
Subject: Re: Verifying numeric values
Date: Mon, 18 Oct 2021 23:25:41 -0400

On Mon, Oct 18, 2021 at 11:10:32PM -0400, Andy Chu wrote:
> Try this:
> 
> is_valid() {
>   local x=$1
>   local b=$(( 1 <= x && x <= 255 ))
>   return $(( ! b ))   # 0 is true, 1 is false
> }

Using un-validated input in a math context is a code injection in bash.
Given that the purpose of this function is to validate the input, one
must assume the input may be malicious.

unicorn:~$ is_valid 'a[0$(date >&2)]'
Mon Oct 18 23:20:48 EDT 2021

You've also got an issue with variables that point to each other (or to
themselves):

unicorn:~$ is_valid x && echo yes
bash: x: expression recursion level exceeded (error token is "x")

Again, this is a side effect of using potentially unsafe input in a
bash math context.  The value of a variable may be treated as another
variable.

An input validation function has to operate on the input as a string,
until it's been verified to be safely numeric.
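
A string-first version of the validator, following the closing point of the message above. This is an added example, not part of the original post or thread; the 1..255 range comes from the quoted function, while accepting leading zeros as decimal and the sample inputs in demo() are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): validate as a string first,
# and only compare numerically once the value is known to be digits.

is_valid() {
  local n

  # 1. Pure pattern match, no expansion or evaluation of the input.
  case $1 in
    '' | *[!0-9]*) return 1 ;;   # empty, or contains any non-digit
  esac

  # 2. Strip leading zeros so the value can never be read as octal
  #    in a later math context ("010" would be 8, "08" an error).
  #    Assumption: "007" is accepted and means 7.
  n=${1#"${1%%[!0]*}"}

  # 3. Bound the length before comparing: bash arithmetic wraps
  #    silently on overflow, so a very long digit string could
  #    otherwise land back inside the allowed range.
  [ "${#n}" -ge 1 ] && [ "${#n}" -le 3 ] || return 1

  # 4. n is now 1-3 decimal digits with no leading zero.
  [ "$n" -ge 1 ] && [ "$n" -le 255 ]
}

# Constructed sample inputs, including the two strings from the message.
demo() {
  local s
  for s in 1 255 007 0 256 -5 '' x 'a[0$(date >&2)]' 18446744073709551617
  do
    if is_valid "$s"; then
      printf '%-24s valid\n' "[$s]"
    else
      printf '%-24s rejected\n' "[$s]"
    fi
  done
}

demo
```

The two inputs from the message are rejected by the pattern match in step 1, so neither the command substitution nor the variable lookup is ever evaluated.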


