|
Packit Service |
a8c26c |
diff --git a/src/cmd/ksh93/sh/arith.c b/src/cmd/ksh93/sh/arith.c
|
|
Packit Service |
a8c26c |
--- a/src/cmd/ksh93/sh/arith.c
|
|
Packit Service |
a8c26c |
+++ b/src/cmd/ksh93/sh/arith.c
|
|
Packit Service |
a8c26c |
@@ -513,21 +513,34 @@ Sfdouble_t sh_strnum(register const char *str, char** ptr, int mode)
|
|
Packit Service |
a8c26c |
char base=(shp->inarith?0:10), *last;
|
|
Packit Service |
a8c26c |
if(*str==0)
|
|
Packit Service |
a8c26c |
{
|
|
Packit Service |
a8c26c |
- if(ptr)
|
|
Packit Service |
a8c26c |
- *ptr = (char*)str;
|
|
Packit Service |
a8c26c |
- return(0);
|
|
Packit Service |
a8c26c |
- }
|
|
Packit Service |
a8c26c |
- errno = 0;
|
|
Packit Service |
a8c26c |
- d = strtonll(str,&last,&base,-1);
|
|
Packit Service |
a8c26c |
- if(*last || errno)
|
|
Packit Service |
a8c26c |
- {
|
|
Packit Service |
a8c26c |
- if(!last || *last!='.' || last[1]!='.')
|
|
Packit Service |
a8c26c |
- d = strval(shp,str,&last,arith,mode);
|
|
Packit Service |
a8c26c |
- if(!ptr && *last && mode>0)
|
|
Packit Service |
a8c26c |
- errormsg(SH_DICT,ERROR_exit(1),e_lexbadchar,*last,str);
|
|
Packit Service |
a8c26c |
+ d = 0.0;
|
|
Packit Service |
a8c26c |
+ last = (char*)str;
|
|
Packit Service |
a8c26c |
+ } else {
|
|
Packit Service |
a8c26c |
+ errno = 0;
|
|
Packit Service |
a8c26c |
+ d = strtonll(str,&last,&base,-1);
|
|
Packit Service |
a8c26c |
+ if (*last && !shp->inarith && sh_isstate(SH_INIT)) {
|
|
Packit Service |
a8c26c |
+ // This call is to handle "base#value" literals if we're importing untrusted env vars.
|
|
Packit Service |
a8c26c |
+ errno = 0;
|
|
Packit Service |
a8c26c |
+ d = strtonll(str, &last, NULL, -1);
|
|
Packit Service |
a8c26c |
+ }
|
|
Packit Service |
a8c26c |
+
|
|
Packit Service |
a8c26c |
+ if(*last || errno)
|
|
Packit Service |
a8c26c |
+ {
|
|
Packit Service |
a8c26c |
+ if (sh_isstate(SH_INIT)) {
|
|
Packit Service |
a8c26c |
+ // Initializing means importing untrusted env vars. Since the string does not appear
|
|
Packit Service |
a8c26c |
+ // to be a recognized numeric literal give up. We can't safely call strval() since
|
|
Packit Service |
a8c26c |
+ // that allows arbitrary expressions which would create a security vulnerability.
|
|
Packit Service |
a8c26c |
+ d = 0.0;
|
|
Packit Service |
a8c26c |
+ } else {
|
|
Packit Service |
a8c26c |
+ if(!last || *last!='.' || last[1]!='.')
|
|
Packit Service |
a8c26c |
+ d = strval(shp,str,&last,arith,mode);
|
|
Packit Service |
a8c26c |
+ if(!ptr && *last && mode>0)
|
|
Packit Service |
a8c26c |
+ errormsg(SH_DICT,ERROR_exit(1),e_lexbadchar,*last,str);
|
|
Packit Service |
a8c26c |
+ }
|
|
Packit Service |
a8c26c |
+ } else if (!d && *str=='-') {
|
|
Packit Service |
a8c26c |
+ d = -0.0;
|
|
Packit Service |
a8c26c |
+ }
|
|
Packit Service |
a8c26c |
}
|
|
Packit Service |
a8c26c |
- else if (!d && *str=='-')
|
|
Packit Service |
a8c26c |
- d = -0.0;
|
|
Packit Service |
a8c26c |
if(ptr)
|
|
Packit Service |
a8c26c |
*ptr = last;
|
|
Packit Service |
a8c26c |
return(d);
|