shell/read: check that variable names are sane

function                                             old     new   delta
shell_builtin_read                                  1000    1055     +55
parse_command                                       1460    1463      +3
builtin_umask                                        121     123      +2
is_well_formed_var_name                               73      66      -7

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 11 insertions, 0 deletions

diff --git a/shell/builtin_read.c b/shell/builtin_read.c
index 73b0949cf..954e4cd14 100644
--- a/shell/builtin_read.c
+++ b/shell/builtin_read.c
@@ -39,6 +39,7 @@ shell_builtin_read(void FAST_FUNC (*setvar)(const char *name, const char *val),
         unsigned end_ms; /* -t TIMEOUT */
         int fd; /* -u FD */
         int nchars; /* -n NUM */
+        char **pp;
         char *buffer;
         struct termios tty, old_tty;
         const char *retval;
@@ -46,6 +47,16 @@ shell_builtin_read(void FAST_FUNC (*setvar)(const char *name, const char *val),
         int startword;
         smallint backslash;
 
+        pp = argv;
+        while (*pp) {
+                if (!is_well_formed_var_name(*pp, '\0')) {
+                        /* Mimic bash message */
+                        bb_error_msg("read: '%s': not a valid identifier", *pp);
+                        return (const char *)(uintptr_t)1;
+                }
+                pp++;
+        }
+
         nchars = 0; /* if != 0, -n is in effect */
         if (opt_n) {
                 nchars = bb_strtou(opt_n, NULL, 10);