Report

CVE-2014-7169: Bash Shellshock incomplete fix – command injection via function import in non-POSIX mode

641afe29-d4b3-4a0e-a3a4-eea76ffa9806

CVE-2014-7169 bypasses the incomplete fix for CVE-2014-6271 (Shellshock). In bash's initialize_shell_variables() (variables.c), even after the incomplete fix added the BASH_FUNC_/%% prefix and suffix checks and the SEVAL_FUNCDEF|SEVAL_ONECMD flags, command injection is still possible because:

  1. In non-POSIX mode (posixly_correct == 0, the default), the legal_identifier(tname) check is skipped entirely; only absolute_program(tname) == 0 is verified.
  2. The extracted function name tname (from between BASH_FUNC_ and %%) is concatenated with the function body to form temp_string, then passed directly to parse_and_execute.
  3. Specially crafted function bodies containing a trailing backslash \ (line continuation) can cause the bash parser to exhaust the string input source and pop to the next input source (e.g., the -c argument), effectively injecting the -c command into the function body parse stream.
  4. The SEVAL_FUNCDEF check in evalstring.c runs AFTER parse_command(), so parser side-effects (file creation via redirections, reading from alternate input sources) can occur before the guard activates.
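The following Python is an added illustration, not code from this report or from bash's source. It models the two guards the report describes, the BASH_FUNC_<name>%% envelope and the legal_identifier() name check that non-POSIX mode skips, and adds a pre-parse screen for the body features named in points 3 and 4 (a trailing line-continuation backslash, text after the closing brace, redirection operators). The ordering is the point: every check is a plain string check that runs before any parser sees the value, so none of them can have the parser side effects the report describes. legal_identifier(), absolute_program(), the verdict names and the sample environment are simplified approximations and constructed data, not bash's own functions or captured input. A screen like this is a defence-in-depth filter for a service that passes untrusted input into a child's environment; the actual fix is the patched bash.

```python
import re

PREFIX = "BASH_FUNC_"
SUFFIX = "%%"
FUNC_START = "() {"
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def legal_identifier(name: str) -> bool:
    """Approximation of bash's legal_identifier(): letters, digits and
    underscores only, and the first character is not a digit."""
    return bool(IDENT_RE.match(name))


def absolute_program(name: str) -> bool:
    """Approximation of bash's absolute_program(): true when the name contains a slash."""
    return "/" in name


def extract_function_name(var_name: str):
    """Return <name> from a BASH_FUNC_<name>%% variable name, or None if the
    variable is not in that envelope."""
    if var_name.startswith(PREFIX) and var_name.endswith(SUFFIX):
        return var_name[len(PREFIX):-len(SUFFIX)]
    return None


def screen_function_import(var_name: str, value: str, posixly_correct: bool = False):
    """Classify one environment entry before it is handed to any parser.

    Returns (verdict, reason) with verdict in {"ignore", "reject", "suspicious", "accept"}.
    """
    tname = extract_function_name(var_name)
    if tname is None:
        return "ignore", "not a BASH_FUNC_<name>%% variable"
    if not value.startswith(FUNC_START):
        return "ignore", "value does not begin with '() {'"

    # Name checks.  The report notes that non-POSIX bash only runs
    # absolute_program(); this screen applies legal_identifier() in both modes.
    if absolute_program(tname):
        return "reject", f"function name {tname!r} contains a slash"
    if not legal_identifier(tname):
        note = "" if posixly_correct else "; non-POSIX bash skips this check"
        return "reject", f"function name {tname!r} is not a legal identifier{note}"

    # Body checks, done on the raw string before parsing rather than after
    # parse_command(), so no redirection or input-source change can happen first.
    body = value.rstrip()
    if body.endswith("\\"):
        return "reject", "body ends with a line-continuation backslash"
    close = body.rfind("}")
    if close == -1:
        return "reject", "body has no closing brace"
    if body[close + 1:].strip():
        return "reject", "text follows the closing brace of the function definition"
    if re.search(r"[<>]", body):
        return "suspicious", "body contains a redirection operator"
    return "accept", "well-formed function definition"


def screen_environment(env: dict) -> list:
    """Run the screen over a whole environment; return the entries that are not clean."""
    findings = []
    for name, value in env.items():
        verdict, reason = screen_function_import(name, value)
        if verdict in ("reject", "suspicious"):
            findings.append((name, verdict, reason))
    return findings


# Constructed sample environment (not captured data).
SAMPLE_ENV = {
    "HOME": "/home/user",
    "BASH_FUNC_greet%%": "() { echo hello; }",
    "BASH_FUNC_/bin/ls%%": "() { :; }",
    "BASH_FUNC_a-b%%": "() { :; }",
    "BASH_FUNC_cont%%": "() { :; \\",
    "BASH_FUNC_tail%%": "() { :; }; echo extra",
    "BASH_FUNC_redir%%": "() { echo a > out; }",
}

if __name__ == "__main__":
    for name, verdict, reason in screen_environment(SAMPLE_ENV):
        print(f"{verdict:10} {name}: {reason}")
```

Run stand-alone, the script lists the five sample entries that fail the screen; the clean exported function and the ordinary HOME variable produce no finding. Because the redirection check only marks an entry "suspicious", a legitimate exported function that redirects to /dev/null is reported rather than dropped, which is the right trade-off for a filter that sits in front of, not instead of, the parser fix.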