From a8152fedabb1bf042432dcc4a17b473f8a9b3199 Mon Sep 17 00:00:00 2001 From: BVK Chaitanya Date: Sun, 7 Nov 2010 16:13:14 +0530 Subject: [PATCH 1/2] suppress shell expansion inside quoted strings --- grub-core/script/execute.c | 2 +- tests/grub_cmd_echo.in | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c index d859a13bd..72d199760 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -374,7 +374,7 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist, case GRUB_SCRIPT_ARG_TYPE_DQSTR: case GRUB_SCRIPT_ARG_TYPE_SQSTR: - if (grub_script_argv_append (&result, arg->str)) + if (append (arg->str, 1)) goto fail; break; } diff --git a/tests/grub_cmd_echo.in b/tests/grub_cmd_echo.in index 6ac33f55e..902696778 100644 --- a/tests/grub_cmd_echo.in +++ b/tests/grub_cmd_echo.in @@ -31,3 +31,11 @@ echo foo -n echo foo -n -e echo ------- + +if test -n "$grubshell"; then insmod regexp; fi + +echo '*' +echo "*" + +foo="*" +echo "$foo" From 898c99a2c35f2d874c14b8e225ed36982e724adb Mon Sep 17 00:00:00 2001 From: BVK Chaitanya Date: Sun, 7 Nov 2010 16:18:29 +0530 Subject: [PATCH 2/2] add changelog entry --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index c92c49562..71f0f9fa2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2010-11-07 BVK Chaitanya + + Suppress shell expansion on echo '*' and echo "*" like cases, + reported by Jordan Uggla. + + * grub-core/script/execute.c (grub_script_arglist_to_argv): Escape + string arguments before shell expansion. + * tests/grub_cmd_echo.in: New testcases. + 2010-11-01 Grégoire Sutre * grub-core/partmap/bsdlabel.c (iterate_real): Fix an integer overflow.