[Bash-completion-devel] [bash-completion-Bugs][311614] quoting bug in _known_hosts
bash-completion-bugs at alioth.debian.org
bash-completion-bugs at alioth.debian.org
Mon Aug 24 19:23:51 UTC 2009
Bugs item #311614, was changed at 2009-04-22 15:00 by Freddy Vulto
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311614&group_id=100114
Status: Open
Priority: 3
Submitted By: Eric Blake (eblake-guest)
>Assigned to: Freddy Vulto (fvu-guest)
Summary: quoting bug in _known_hosts
Distribution: --Distribution-Agnostic--
Originally reported in: None
Milestone: 1.0
Status: None
Original bug number:
Initial Comment:
There is a quoting bug in _known_hosts, which causes the shell to attempt glob expansion. Although unlikely, a user can name a file to include shell metacharacters so that the glob performs arbitrary actions.
This portion of _known_hosts:
COMPREPLY=($( awk 'BEGIN {FS=","}
/^\s*[^|\#]/ {for (i=1; i<=2; ++i) { \
gsub(" .*$", "", $i); \
if ($i ~ /'$cur'/) {print $i} \
}}' "${kh[@]}" 2>/dev/null ));
Needs "" around $cur. Otherwise, something like 'ssh <tab>' causes cur to be defined as [a-z.], and since $cur does not occur in "", the shell treats it as a glob.
----------------------------------------------------------------------
Comment By: Eric Blake (eblake-guest)
Date: 2009-05-18 17:52
Message:
I regenerated the patch against the latest git master; with many more instances of underquoted $cur fixed in bash_completion proper. However, I suspect that a full audit of the contrib files will find yet more underquoted instances.
----------------------------------------------------------------------
Comment By: Eric Blake (eblake-guest)
Date: 2009-04-23 00:08
Message:
attaching a patch for all instances of underquoted $cur that I could find
----------------------------------------------------------------------
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311614&group_id=100114
More information about the Bash-completion-devel
mailing list