Path: csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail
From: Raffaele Florio <raffaeleflorio@protonmail.com>
Newsgroups: gnu.bash.bug
Subject: BUG in arithcomp: bypass of the check condition and arbitrary read/write of shell variables
Date: Fri, 10 Apr 2020 09:44:31 +0000
Lines: 54
Approved: bug-bash@gnu.org
Message-ID: <mailman.448.1586525862.2644.bug-bash@gnu.org>
References: <wpJilm7mRPuWJxLdt3JR1F2vB5ji7oedWngUa1pgq0nIgwsmVcOUnTWfhzPfE0WZ0Rqj2R_QXw3ZygA_hQQvBtlU_Une8VmMD_dEHm0jUTU=@protonmail.com>
Reply-To: Raffaele Florio <raffaeleflorio@protonmail.com>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
X-Trace: usenet.stanford.edu 1586525863 3659 209.51.188.17 (10 Apr 2020 13:37:43 GMT)
X-Complaints-To: action@cs.stanford.edu
To: "bug-bash@gnu.org" <bug-bash@gnu.org>
Envelope-to: bug-bash@gnu.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1586511874; bh=+SnQr17/mjWxIg9klGpRDjShVTniDBUscL/fR3hHodw=; h=Date:To:From:Reply-To:Subject:From; b=omcO/bZJMTQlG/W8pZPBnTAHtnT6t5RUXye9vMLvIVyU9aI1mylU/PdVaUguJWsPX GqgXv/sl99IJdR+Hcm5GXEs6Aj/WKmW9ZtJ9awyWR0lIQt2PArsUYgLMHFklnWcugD uRR0341urWuqIx2piIY0P4DW0qQProOvrw+oB0LA=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy]
X-Received-From: 185.70.40.130
X-Mailman-Approved-At: Fri, 10 Apr 2020 09:37:41 -0400
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
X-Mailman-Original-Message-ID: <wpJilm7mRPuWJxLdt3JR1F2vB5ji7oedWngUa1pgq0nIgwsmVcOUnTWfhzPfE0WZ0Rqj2R_QXw3ZygA_hQQvBtlU_Une8VmMD_dEHm0jUTU=@protonmail.com>
Xref: csiph.com gnu.bash.bug:16116

TWFjaGluZTogeDg2XzY0Ck9TOiBsaW51eC1nbnUKQ29tcGlsZXI6IGdjYwpDb21waWxhdGlvbiBD
RkxBR1M6IC1PMiAtZyAtcGlwZSAtV2FsbCAtV2Vycm9yPWZvcm1hdC1zZWN1cml0eSAtV3AsLURf
Rk9SVElGWV9TT1VSQ0U9MiAtV3AsLURfR0xJQkNYWF9BU1NFUlRJT05TIC1mZXhjZXB0aW9ucyAt
ZnN0YWNrLXByb3RlY3Rvci1zdHJvbmcgLWdyZWNvcmQtZ2NjLXN3aXRjaGVzIC1zcGVjcz0vdXNy
L2xpYi9ycG0vcmVkaGF0L3JlZGhhdC1oYXJkZW5lZC1jYzEgLXNwZWNzPS91c3IvbGliL3JwbS9y
ZWRoYXQvcmVkaGF0LWFubm9iaW4tY2MxIC1tNjQgLW10dW5lPWdlbmVyaWMgLWZhc3luY2hyb25v
dXMtdW53aW5kLXRhYmxlcyAtZnN0YWNrLWNsYXNoLXByb3RlY3Rpb24gLWZjZi1wcm90ZWN0aW9u
IC1Xbm8tcGFyZW50aGVzZXMgLVduby1mb3JtYXQtc2VjdXJpdHkKdW5hbWUgb3V0cHV0OiBMaW51
eCB4MjMwIDUuNS4xMC0xMDAuZmMzMC54ODZfNjQgIzEgU01QIFdlZCBNYXIgMTggMTQ6MzQ6NDYg
VVRDIDIwMjAgeDg2XzY0IHg4Nl82NCB4ODZfNjQgR05VL0xpbnV4Ck1hY2hpbmUgVHlwZTogeDg2
XzY0LXJlZGhhdC1saW51eC1nbnUKCkJhc2ggVmVyc2lvbjogNS4wClBhdGNoIExldmVsOiAxMQpS
ZWxlYXNlIFN0YXR1czogcmVsZWFzZQoKRGVzY3JpcHRpb246CkEgYnVnIGluIHRoZSBmdW5jdGlv
biBhcml0aGNvbXAgKGluIHRlc3QuYykgYWxsb3dzIGFuIGF0dGFja2VyIHRvIGJ5cGFzcyBldmVy
eSBhcml0aG1ldGljIGNoZWNrLiBGdXJ0aGVybW9yZSwgdGhpcyBidWcsIGFsbG93cyBhbiBhdHRh
Y2tlciB0byByZWFkL3dyaXRlIGFyYml0cmFyeSBzaGVsbCB2YXJpYWJsZXMuIFRoZSBidWcgY291
bGQgYmUgYWxzbyB0cmlnZ2VyZWQgd2l0aCB0aGUgdGVzdCBidWlsdC1pbi4KVGhlIGNoZWNrIGJ5
cGFzcyBhbmQgdGhlIGFyYml0cmFyeSByZWFkL3dyaXRlIGlzIHJlbGF0ZWQgdG8gdGhlIHNhbWUg
bG9naWMuIFByZWNpc2VseSBieSB0aGUgZnVuY3Rpb25zIGNhbGxlZCBieSBhcml0aGNvbXAuCklu
ZGVlZCB0aGUgZnVuY3Rpb25zIGNhbGxlZCBieSBhcml0aGNvbXAgY2F1c2UgdGhlIGV2YWx1YXRp
b24gb2YgdGhlIHN1cHBsaWVkIGFyaXRoY29tcCBmdW5jdGlvbiBhcmd1bWVudCwgcG90ZW50aWFs
bHkgZmVkIGJ5IHVzZXIgaW5wdXQuClRoZSBjaGFpbiBvZiB0aGUgY2FsbGVkIGZ1bmN0aW9ucyBp
czogZXZhbGV4cCAoZGVmaW5lZCBpbiBleHByLmMpIC0+IHN1YmV4cHIgLT4gcmVhZHRvayArIEVY
UF9ISUdIRVNULiBJbiB0aGlzIHdheSBldmVyeSBhcml0aG1ldGljL2JpdHdpc2UvbG9naWNhbCBl
eHByZXNzaW9ucyBvciB2YXJpYWJsZSBhc3NpZ25tZW50IGlzIGV2YWx1YXRlZC4KVGhlIGNhaGlu
IGlzIHRyaWdnZXJlZCBieSB0aGUgTDM0NyBvciBMMzUwOgogICAgMzM3IHN0YXRpYyBpbnQKICAg
IDMzOCBhcml0aGNvbXAgKHMsIHQsIG9wLCBmbGFncykKICAgIDMzOSAgICAgIGNoYXIgKnMsICp0
OwogICAgMzQwICAgICAgaW50IG9wLCBmbGFnczsKICAgIDM0MSB7Ci4uLi4uLi4KICAgIDM0NSAg
IGlmIChmbGFncyAmIFRFU1RfQVJJVEhFWFApCiAgICAzNDYgICAgIHsKLT4gMzQ3ICAgICAgIGwg
PSBldmFsZXhwIChzLCAwLCAmZXhwb2spOwogICAgMzQ4ICAgICAgIGlmIChleHBvayA9PSAwKQog
ICAgMzQ5ICAgICAgICAgcmV0dXJuIChGQUxTRSk7ICAgICAgICAgLyogc2hvdWxkIHByb2JhYmx5
IGxvbmdqbXAgaGVyZSAqLwotPiAzNTAgICAgICAgciA9IGV2YWxleHAgKHQsIDAsICZleHBvayk7
CiAgICAzNTEgICAgICAgaWYgKGV4cG9rID09IDApCiAgICAzNTIgICAgICAgICByZXR1cm4gKEZB
TFNFKTsgICAgICAgICAvKiBkaXR0byAqLwogICAgMzUzICAgICB9Ci4uLi4uCgpJJ3ZlIGFsc28g
dHJpZWQgb24gTWFjT1Mgd2l0aCBiYXNoIGFuZCBzaC4gT24gV2luZG93cyBpdCB3b3JrcyB3aXRo
IGdpdCBiYXNoLiBGdXJ0aGVybW9yZSB6c2ggaXMgYWxzbyBhZmZlY3RlZC4gSSBkaWRuJ3QgdHJ5
IG90aGVyICpzaCBzaGVsbC4KClJlcGVhdC1CeToKPT09PT09IEFyaXRobWV0aWMgY2hlY2sgYnlw
YXNzID09PT09PQpHaXZlIGluIGlucHV0ICJ5IiAoYXMgc3RyaW5nKSB0byB0aGUgYmVsb3cgc2Ny
aXB0IGFuZCB0aGUgZXF1YWxpdHkgd2lsbCBiZSBzYXRpc2ZpZWQuIFRoaXMgaXMgY2F1c2VkIGJ5
IHRoZSBmYWN0IHRoYXQgdGhlIHkgZ2l2ZW4gaW4gaW5wdXQgaXMgZXZhbHVhdGVkIGFzIHNoZWxs
IHZhcmlhYmxlIGJ5IHRoZSBleHByZXNzaW9uIGV2YWx1YXRvci4KSGVyZSB0aGUgc2NyaXB0Ogoj
IS9wYXRoL3RvL2Jhc2gKCnk9JFJBTkRPTQpyZWFkIGlucHV0CmlmIFtbICIkeSIgLWVxICIkaW5w
dXQiIF1dOyB0aGVuCiAgICBlY2hvICJPSyIKZmkKCj09PT09IHJlYWQvd3JpdGUgb2YgYXJiaXRy
YXJ5IHNoZWxsIHZhcmlhYmxlcyA9PT09PT0KR2l2ZSBpbiBpbnB1dCAieD00Mix4eXo9VUlEIiB0
byB0aGUgYmVsb3cgc2NyaXB0LiBBZnRlciB0aGUgdGVzdCB4IHdpbGwgY29udGFpbiA0MiBhbmQg
eHl6IHRoZSBVSUQgdmFsdWUuIFRoZSBzYW1lIGxvZ2ljIGluIHRoaXMgYnVnLiBGdXJ0aGVybW9y
ZSBpZiBQV0QgaXMgZ2l2ZW4sIGluc3RlYWQgb2YgVUlELCB0aGUgUFdEIHZhbHVlIGlzIHByaW50
ZWQgdGhhbmtzIHRoZSBldmFsdWF0aW9uIGVycm9yLgpIZXJlIHRoZSBzY3JpcHQ6CiMhL3BhdGgv
dG8vYmFzaAoKeD0iVkFMIgp5PTEyMzQKcmVhZCBpbnB1dAoKaWYgW1sgIiR5IiAtZXEgIiRpbnB1
dCIgXV07IHRoZW4KZWNobyAiT0siCmZpCgplY2hvICJ4ID0gJHgiCmVjaG8gInh5eiA9ICR4eXoi
CgpGaXg6CkEgc29sdXRpb24gY291bGQgYmUgdG8gdXNlIGEgc2ltcGxlciBlcXVhbGl0eSBzdHJh
dGVneSBmb3IgdGhlIGFyaXRobWV0aWMgY29tcGFyaXNvbi4gTW9yZSBvciBsZXNzIGxpa2UgdGhl
IGxvZ2ljIG9mIHRoZSBzdHJpbmcgY29tcGFyaXNvbiBpbXBsZW1lbnRlZCBpbiB0aGUgc2FtZSBm
aWxlICh0ZXN0LmMpLiBCYXNpY2FsbHksIHRoZSBsYXR0ZXIsIHVzZSBhIHN0cmNtcC4=