diff -r -c3p bash-2.05b-orig/shell.c bash-2.05b/shell.c *** bash-2.05b-orig/shell.c Wed Jul 17 22:41:03 2002 --- bash-2.05b/shell.c Wed Jul 17 23:09:34 2002 *************** static int want_initial_help; /* --help *** 194,199 **** --- 194,200 ---- int no_line_editing = 0; /* Don't do fancy line editing. */ int posixly_correct = 0; /* Non-zero means posix.2 superset. */ + int protected = 0; /* Don't allow command substitution. */ int dump_translatable_strings; /* Dump strings in $"...", don't execute. */ int dump_po_strings; /* Dump strings in $"..." in po format */ int wordexp_only = 0; /* Do word expansion only */ *************** struct { *** 217,222 **** --- 218,224 ---- { "noprofile", Int, &no_profile, (char **)0x0 }, { "norc", Int, &no_rc, (char **)0x0 }, { "posix", Int, &posixly_correct, (char **)0x0 }, + { "protected", Int, &protected, (char **)0x0 }, { "rcfile", Charp, (int *)0x0, &bashrc_file }, #if defined (RESTRICTED_SHELL) { "restricted", Int, &restricted, (char **)0x0 }, *************** static void run_startup_files __P((void) *** 267,273 **** static int open_shell_script __P((char *)); static void set_bash_input __P((void)); static int run_one_command __P((char *)); ! static int run_wordexp __P((char *)); static int uidget __P((void)); --- 269,275 ---- static int open_shell_script __P((char *)); static void set_bash_input __P((void)); static int run_one_command __P((char *)); ! static int run_wordexp __P((char *, int)); static int uidget __P((void)); *************** main (argc, argv, env) *** 610,616 **** if (wordexp_only) { startup_state = 3; ! last_command_exit_value = run_wordexp (argv[arg_index]); exit_shell (last_command_exit_value); } --- 612,618 ---- if (wordexp_only) { startup_state = 3; ! last_command_exit_value = run_wordexp (argv[arg_index], protected); exit_shell (last_command_exit_value); } *************** disable_priv_mode () *** 1129,1136 **** } static int ! run_wordexp (words) char *words; { int code, nw, nb; WORD_LIST *wl, *result; --- 1131,1139 ---- } static int ! run_wordexp (words, no_cmdsub) char *words; + int no_cmdsub; { int code, nw, nb; WORD_LIST *wl, *result; *************** run_wordexp (words) *** 1167,1173 **** if (global_command->type != cm_simple) return (126); wl = global_command->value.Simple->words; ! result = wl ? expand_words_no_vars (wl) : (WORD_LIST *)0; } else result = (WORD_LIST *)0; --- 1170,1183 ---- if (global_command->type != cm_simple) return (126); wl = global_command->value.Simple->words; ! if (wl) ! { ! result = no_cmdsub ! ? expand_words_no_vars_no_cmdsub (wl) ! : expand_words_no_vars (wl); ! } ! else ! result = (WORD_LIST *)0; } else result = (WORD_LIST *)0; diff -r -c3p bash-2.05b-orig/subst.c bash-2.05b/subst.c *** bash-2.05b-orig/subst.c Wed Jul 17 22:40:58 2002 --- bash-2.05b/subst.c Thu Jul 18 11:44:45 2002 *************** static char *parameter_brace_patsub __P( *** 241,247 **** static char *parameter_brace_expand __P((char *, int *, int, int *, int *)); static char *param_expand __P((char *, int *, int, int *, int *, int *, int *, int)); ! static WORD_LIST *expand_word_internal __P((WORD_DESC *, int, int, int *, int *)); static WORD_LIST *word_list_split __P((WORD_LIST *)); --- 241,247 ---- static char *parameter_brace_expand __P((char *, int *, int, int *, int *)); static char *param_expand __P((char *, int *, int, int *, int *, int *, int *, int)); ! static WORD_LIST *expand_word_internal __P((WORD_DESC *, int, int, int *, int *, int)); static WORD_LIST *word_list_split __P((WORD_LIST *)); *************** call_expand_word_internal (w, q, i, c, e *** 2310,2316 **** { WORD_LIST *result; ! result = expand_word_internal (w, q, i, c, e); if (result == &expand_word_error || result == &expand_word_fatal) { expand_no_split_dollar_star = 0; /* XXX */ --- 2310,2316 ---- { WORD_LIST *result; ! result = expand_word_internal (w, q, i, c, e, 0); if (result == &expand_word_error || result == &expand_word_fatal) { expand_no_split_dollar_star = 0; /* XXX */ *************** expand_prompt_string (string, quoted) *** 2397,2403 **** td.word = savestring (string); no_longjmp_on_fatal_error = 1; ! value = expand_word_internal (&td, quoted, 0, (int *)NULL, (int *)NULL); no_longjmp_on_fatal_error = 0; if (value == &expand_word_error || value == &expand_word_fatal) --- 2397,2403 ---- td.word = savestring (string); no_longjmp_on_fatal_error = 1; ! value = expand_word_internal (&td, quoted, 0, (int *)NULL, (int *)NULL, 0); no_longjmp_on_fatal_error = 0; if (value == &expand_word_error || value == &expand_word_fatal) *************** parameter_brace_expand (string, indexp, *** 5125,5130 **** --- 5125,5150 ---- return (temp); } + #define WEXP_VARASSIGN 0x001 + #define WEXP_BRACEEXP 0x002 + #define WEXP_TILDEEXP 0x004 + #define WEXP_PARAMEXP 0x008 + #define WEXP_PATHEXP 0x010 + #define WEXP_NOCMDSUB 0x020 + + /* All of the expansions, including variable assignments at the start of + the list. */ + #define WEXP_ALL (WEXP_VARASSIGN|WEXP_BRACEEXP|WEXP_TILDEEXP|WEXP_PARAMEXP|WEXP_PATHEXP) + + /* All of the expansions except variable assignments at the start of + the list. */ + #define WEXP_NOVARS (WEXP_BRACEEXP|WEXP_TILDEEXP|WEXP_PARAMEXP|WEXP_PATHEXP) + + /* All of the `shell expansions': brace expansion, tilde expansion, parameter + expansion, command substitution, arithmetic expansion, word splitting, and + quote removal. */ + #define WEXP_SHELLEXP (WEXP_BRACEEXP|WEXP_TILDEEXP|WEXP_PARAMEXP) + /* Expand a single ${xxx} expansion. The braces are optional. When the braces are used, parameter_brace_expand() does the work, possibly calling param_expand recursively. */ *************** arithsub: *** 5357,5362 **** --- 5377,5389 ---- } comsub: + if (pflags & WEXP_NOCMDSUB) + { + report_error ("command substitution attempted"); + FREE (temp); + return (&expand_param_error); + } + temp1 = command_substitute (temp, quoted); FREE (temp); temp = temp1; *************** return0: *** 5467,5477 **** #define WHOLLY_QUOTED 2 static WORD_LIST * ! expand_word_internal (word, quoted, isexp, contains_dollar_at, expanded_something) WORD_DESC *word; int quoted, isexp; int *contains_dollar_at; int *expanded_something; { WORD_LIST *list; WORD_DESC *tword; --- 5494,5505 ---- #define WHOLLY_QUOTED 2 static WORD_LIST * ! expand_word_internal (word, quoted, isexp, contains_dollar_at, expanded_something, no_cmdsub) WORD_DESC *word; int quoted, isexp; int *contains_dollar_at; int *expanded_something; + int no_cmdsub; { WORD_LIST *list; WORD_DESC *tword; *************** add_string: *** 5624,5630 **** has_dollar_at = 0; temp = param_expand (string, &sindex, quoted, expanded_something, &has_dollar_at, "ed_dollar_at, ! &had_quoted_null, 0); if (temp == &expand_param_error || temp == &expand_param_fatal) { --- 5652,5658 ---- has_dollar_at = 0; temp = param_expand (string, &sindex, quoted, expanded_something, &has_dollar_at, "ed_dollar_at, ! &had_quoted_null, no_cmdsub); if (temp == &expand_param_error || temp == &expand_param_fatal) { *************** add_string: *** 5647,5652 **** --- 5675,5688 ---- temp = string_extract (string, &sindex, "`", 0); de_backslash (temp); + + if (no_cmdsub) + { + report_error ("command substitution attempted"); + FREE (temp); + return (&expand_word_error); + } + temp1 = command_substitute (temp, quoted); FREE (temp); temp = temp1; *************** add_twochars: *** 5719,5725 **** temp = (char *)NULL; has_dollar_at = 0; ! list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &has_dollar_at, (int *)NULL); if (list == &expand_word_error || list == &expand_word_fatal) { --- 5755,5761 ---- temp = (char *)NULL; has_dollar_at = 0; ! list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &has_dollar_at, (int *)NULL, no_cmdsub); if (list == &expand_word_error || list == &expand_word_fatal) { *************** separate_out_assignments (tlist) *** 6323,6347 **** return (tlist); } - #define WEXP_VARASSIGN 0x001 - #define WEXP_BRACEEXP 0x002 - #define WEXP_TILDEEXP 0x004 - #define WEXP_PARAMEXP 0x008 - #define WEXP_PATHEXP 0x010 - - /* All of the expansions, including variable assignments at the start of - the list. */ - #define WEXP_ALL (WEXP_VARASSIGN|WEXP_BRACEEXP|WEXP_TILDEEXP|WEXP_PARAMEXP|WEXP_PATHEXP) - - /* All of the expansions except variable assignments at the start of - the list. */ - #define WEXP_NOVARS (WEXP_BRACEEXP|WEXP_TILDEEXP|WEXP_PARAMEXP|WEXP_PATHEXP) - - /* All of the `shell expansions': brace expansion, tilde expansion, parameter - expansion, command substitution, arithmetic expansion, word splitting, and - quote removal. */ - #define WEXP_SHELLEXP (WEXP_BRACEEXP|WEXP_TILDEEXP|WEXP_PARAMEXP) - /* Take the list of words in LIST and do the various substitutions. Return a new list of words which is the expanded list, and without things like variable assignments. */ --- 6359,6364 ---- *************** expand_words_no_vars (list) *** 6362,6367 **** --- 6379,6393 ---- return (expand_word_list_internal (list, WEXP_NOVARS)); } + /* Same as expand_words_no_vars (), but reports an error on an attempt + to perform command substitution. */ + WORD_LIST * + expand_words_no_vars_no_cmdsub (list) + WORD_LIST *list; + { + return (expand_word_list_internal (list, WEXP_NOVARS | WEXP_NOCMDSUB)); + } + WORD_LIST * expand_words_shellexp (list) WORD_LIST *list; *************** shell_expand_word_list (tlist, eflags) *** 6571,6577 **** expanded_something = 0; expanded = expand_word_internal ! (tlist->word, 0, 0, &has_dollar_at, &expanded_something); if (expanded == &expand_word_error || expanded == &expand_word_fatal) { --- 6597,6603 ---- expanded_something = 0; expanded = expand_word_internal ! (tlist->word, 0, 0, &has_dollar_at, &expanded_something, eflags & WEXP_NOCMDSUB); if (expanded == &expand_word_error || expanded == &expand_word_fatal) { diff -r -c3p bash-2.05b-orig/subst.h bash-2.05b/subst.h *** bash-2.05b-orig/subst.h Wed Jul 17 22:41:03 2002 --- bash-2.05b/subst.h Wed Jul 17 23:03:19 2002 *************** extern WORD_LIST *expand_words __P((WORD *** 199,204 **** --- 199,208 ---- variables. */ extern WORD_LIST *expand_words_no_vars __P((WORD_LIST *)); + /* Same as expand_words_no_vars (), but reports an error on an attempt + to perform command substitution. */ + extern WORD_LIST *expand_words_no_vars_no_cmdsub __P((WORD_LIST *)); + /* Perform the `normal shell expansions' on a WORD_LIST. These are brace expansion, tilde expansion, parameter and variable substitution, command substitution, arithmetic expansion, and word splitting. */