shell/read: check that variable names are sane

function old new delta shell_builtin_read 1000 1055 +55 parse_command 1460 1463 +3 builtin_umask 121 123 +2 is_well_formed_var_name 73 66 -7 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2010-01-13 18:22:35 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2010-01-13 18:22:35 +0100
commit: 25d9b91d94688b9b022224b95c06cbd4b75da085 (patch)
tree: 6d3b5dd63f3fab3fba018c73ae4bc64e5a38b150 /shell/builtin_read.c
parent: 03d81ef43aca1808255d1a2a19ec394ed805eee8 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/shell/builtin_read.c b/shell/builtin_read.c
index 73b0949cf..954e4cd14 100644
--- a/shell/builtin_read.c
+++ b/shell/builtin_read.c
@@ -39,6 +39,7 @@ shell_builtin_read(void FAST_FUNC (*setvar)(const char *name, const char *val),
 	unsigned end_ms; /* -t TIMEOUT */
 	int fd; /* -u FD */
 	int nchars; /* -n NUM */
+	char **pp;
 	char *buffer;
 	struct termios tty, old_tty;
 	const char *retval;
@@ -46,6 +47,16 @@ shell_builtin_read(void FAST_FUNC (*setvar)(const char *name, const char *val),
 	int startword;
 	smallint backslash;
 
+	pp = argv;
+	while (*pp) {
+		if (!is_well_formed_var_name(*pp, '\0')) {
+			/* Mimic bash message */
+			bb_error_msg("read: '%s': not a valid identifier", *pp);
+			return (const char *)(uintptr_t)1;
+		}
+		pp++;
+	}
+
 	nchars = 0; /* if != 0, -n is in effect */
 	if (opt_n) {
 		nchars = bb_strtou(opt_n, NULL, 10);
author	Denys Vlasenko <vda.linux@googlemail.com>	2010-01-13 18:22:35 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2010-01-13 18:22:35 +0100
commit	25d9b91d94688b9b022224b95c06cbd4b75da085 (patch)
tree	6d3b5dd63f3fab3fba018c73ae4bc64e5a38b150 /shell/builtin_read.c
parent	03d81ef43aca1808255d1a2a19ec394ed805eee8 (diff)