bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Code Execution in Mathematical Context


From: Ilkka Virta
Subject: Re: Code Execution in Mathematical Context
Date: Wed, 5 Jun 2019 20:39:54 +0300
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

On 5.6. 17:05, Chet Ramey wrote:
On 6/4/19 3:26 PM, Ilkka Virta wrote:
If the bad user supplied variable contains array indexing in itself, e.g.
bad='none[$(date >&2)]' then using it in an arithmetic expansion still
executes the 'date', single quotes or not (the array doesn't need to exist):

Because the value is treated as an expression, not an integer constant.

And I suppose that's by design, or just required by the arithmetic expression syntax, right? I think that was part of the original question.

   $ (( 'bad' ))
   Tue Jun  4 22:04:32 EEST 2019

Quoting a string doesn't make it a non-identifier in this context.

So is there some other "simple" way of preventing that, then?

   $ echo "$(( 'a[2]' ))"
   bash: 'a[2]' : syntax error: operand expected (error token is "'a[2]' ")

The expression between the parens is treated as if it were within double
quotes, where single quotes are not special.

I did put the double-quotes around the $((...)), but the same happens even without them. Is this just a difference between ((...)) and $((...)) for some reason?

--
Ilkka Virta / itvirta@iki.fi



reply via email to

[Prev in Thread] Current Thread [Next in Thread]