[v1.1] Do not import SRANDOM upper bound from env (re: 00b296c)

If SRANDOM was exported to the environment, a child ksh was dutifully importing it, setting the imported value as an upper bound. This is very undesirable and may well be a vulnerability, depending on the script. src/cmd/ksh93/sh/init.c: put_srand(): - Refuse to set the upper bound if the SH_INIT state is on, which is the case while importing the environment at init time.
ksh93 · Jan 23, 2024 · 77ae650 · 77ae650
1 parent 08714c3
commit 77ae650
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/src/cmd/ksh93/sh/init.c b/src/cmd/ksh93/sh/init.c
@@ -737,6 +737,8 @@ static void put_srand(Namval_t* np,const char *val,int flags,Namfun_t *fp)
 		_nv_unset(np,NV_RDONLY);
 		return;
 	}
+	if(sh_isstate(SH_INIT))
+		return;
 	if(flags&NV_INTEGER)
 		srand_upper_bound = *(Sfdouble_t*)val;
 	else

diff --git a/src/cmd/ksh93/tests/variables.sh b/src/cmd/ksh93/tests/variables.sh
@@ -1639,6 +1639,14 @@ do	if	let "got = SRANDOM, got >= bound"
 		break
 	fi
 done
+env "SRANDOM=$bound" "$SHELL" -c 'typeset -i i
+	for ((i=0; i<100; i++))
+	do	print $SRANDOM
+	done' |
+while	read i
+do	((got = i>=bound)) && break
+done
+((got)) || err_exit "SRANDOM upper bound inherited from environment"
 unset i got bound
 SRANDOM=0