Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh parser infinite loop in chuck from utils.c on malformed input



On Wed, May 10, 2017 at 9:45 AM, Peter Stephenson
<p.stephenson@xxxxxxxxxxx> wrote:
[...]
> The problem is NO_EXEC is all things to all people; in the case of a
> shell there isn't really "just" a syntax check, because it's too
> flexible.  The result of a parameter expansion can in some cases have
> a significant effect on what you're doing, in particular if the command
> to execute is part of it.  Being able to parse a parameter substitution
> is itself quite an important check; and there's no fundamental
> difference in the code between looking through the parameter
> substitution and changing the arguments based on what you find.  The
> name NO_EXEC, rather than, say, SYNTAX_CHECK, is significant.
>
> Adding an additional mode that does even less is certainly possible, but
> not necessarily of very wide applicability.

Oh, I agree. Take for example:

  dualbus@debian:~$ for sh in bash ksh93 mksh dash zsh; do echo $sh
$($sh -n <<< 'echo x; ${a$b}' 2>&1); done
  bash
  ksh93 ksh93: syntax error at line 1: `$' unexpected
  mksh
  dash
  zsh zsh: bad substitution

Only ksh93 and zsh are able to detect the problematic parameter
expansion under noexec.

And I don't think there's enough value in implementing an additional
mode. I can just hack the source to disable the bits that I find
problematic for fuzzing.

Thank you for your answers!



Messages sorted by: Reverse Date, Date, Thread, Author