[Bash-completion-devel] [bash-completion-Bugs][311614] quoting bug in _known_hosts
bash-completion-bugs at alioth.debian.org
bash-completion-bugs at alioth.debian.org
Wed Apr 22 13:00:11 UTC 2009
Bugs item #311614, was opened at 2009-04-22 13:00 by Eric Blake
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311614&group_id=100114
Status: Open
Priority: 3
Submitted By: Eric Blake (eblake-guest)
Assigned to: Nobody (None)
Summary: quoting bug in _known_hosts
Distribution: --Distribution-Agnostic--
Originally reported in: None
Milestone: 1.0
Status: None
Original bug number:
Initial Comment:
There is a quoting bug in _known_hosts, which causes the shell to attempt glob expansion. Although unlikely, a user can name a file to include shell metacharacters so that the glob performs arbitrary actions.
This portion of _known_hosts:
COMPREPLY=($( awk 'BEGIN {FS=","}
/^\s*[^|\#]/ {for (i=1; i<=2; ++i) { \
gsub(" .*$", "", $i); \
if ($i ~ /'$cur'/) {print $i} \
}}' "${kh[@]}" 2>/dev/null ));
Needs "" around $cur. Otherwise, something like 'ssh <tab>' causes cur to be defined as [a-z.], and since $cur does not occur in "", the shell treats it as a glob.
----------------------------------------------------------------------
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=311614&group_id=100114
More information about the Bash-completion-devel
mailing list