From upstream:
[EVAL] Fix use-after-free in dotrap/evalstring
The function dotrap calls evalstring using the stored trap string.
If evalstring then unsets that exact trap string then we will end
up using freed memory.
This patch fixes it by making evalstring always duplicate the string
before using it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The original ash defered forking commands in backquotes so builtins
could be run in the same context as the shell. This behavior was
controlled using the EV_BACKCMD to evaltree.
Unfortunately, as Matthias Scheler noticed in 1999 (NetBSD PR/7814),
the result was counterintuitive; for example, echo "`cd /`" would
change the cwd. So ash 0.3.5 left out that optimization.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Backported from dash:
eval: Return status in eval functions
The exit status is currently clobbered too early for case statements
and loops. This patch fixes it by making the eval functions return
the current exit status and setting them in one place -- evaltree.
Harald van Dijk pointed out a number of bugs in the original patch.
function old new delta
evalcommand 1226 1242 +16
cmdloop 383 398 +15
evalfor 223 227 +4
evalcase 271 275 +4
localcmd 348 350 +2
evaltreenr 927 928 +1
evaltree 927 928 +1
evalsubshell 150 151 +1
evalpipe 356 357 +1
parse_command 1585 1584 -1
evalloop 177 164 -13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 9/2 up/down: 45/-14) Total: 31 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Adapted from dash.
The "homegrown" glob code is retained (ifdef'ed out).
This changes was inspired by bug 9261, which detected out-of bounds use of heap
for 2098 byte long name in the "homegrown" code. This is still not fixed...
function old new delta
expandarg 960 982 +22
static.syntax_index_table 26 25 -1
static.spec_symbls 27 26 -1
static.metachars 4 - -4
addfname 42 - -42
msort 126 - -126
expmeta 528 - -528
------------------------------------------------------------------------------
(add/remove: 0/4 grow/shrink: 1/2 up/down: 22/-702) Total: -680 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When "set -e" option is on, shell must exit when any command fails,
including compound commands of the form (compound-list) executed in a
subshell. Bash and dash shells have this behaviour.
Also add a corresponding testcase.
Signed-off-by: Rostislav Skudnov <rostislav@tuxera.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We set all opened script fds to CLOEXEC, thus making then go away
after fork+exec.
Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open.
For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd"
in a script from standalone shell shows this:
lrwx------ 1 root root 64 Aug 20 15:17 0 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 1 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 2 -> /dev/pts/3
lr-x------ 1 root root 64 Aug 20 15:17 3 -> /path/to/top/level/script
lr-x------ 1 root root 64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1
...
with as many open fds as there are ". SCRIPTn" nest levels.
Fix it by closing these fds after fork (only for NOEXEC children).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run this in a "sh SCRIPT":
sha256sum /dev/null
echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
On user request.
I thought enabling/disabling them all together is more consistent.
Evidently, some people do want them to be separately selectable.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map"
text data bss dec hex filename
829901 4086 1904 835891 cc133 busybox_before
829665 4086 1904 835655 cc047 busybox
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Bash doesn't expand its $'...' construct in double quotes:
$ echo "$'a\tb'"
$'a\tb'
Change BusyBox ash to do the same. This also fixes a problem with
here documents where BusyBox ash gave an incorrect result for:
$ cat <<EOF
> '$'
> EOF
'$'
Reported-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
As reported in bug 8506:
$ X=abcdÉfghÍjklmnÓpqrstÚvwcyz
$ echo ${#X}
abcd26
The result should be 26.
This regression was introduced by:
<d68d1fb> 2015-05-18 [Ron Yorston] ash: code shrink around varvalue
The length in characters was being used to discard the contents of
the variable instead of the length in bytes.
URL: https://bugs.busybox.net/8506
Reported-by: Martijn Dekker <martijn@inlv.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This patch fixes compiling busybox with FEATURE_UTMP and _WTMP enabled.
musl, while not really support utmp/wtmp, provides stub functions, as well
as variables such as _PATH_UTMP, so that programs using utmp or wtmp can
still compile fine.
My reasoning for this patch is that on Exherbo, I'm currently trying to get
us to be able to use the same busybox config file for both glibc and musl
systems, using utmp/wtmp on systems that support it, and using the stubs
on musl without needing two different configs.
As of latest musl git, it provides all utmp functions needed; 1.1.12 doesn't,
but I sent a patch to Rich to add the utmp{,x}name functions expected to
exist, which was merged into musl upstream.
Signed-off-by: Kylie McClain <somasissounds@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Reported by gcc (Debian 5.3.1-4) 5.3.1 20151219
shell/ash.c: In function 'evaltree':
shell/ash.c:8432:19: warning: logical not is only applied to the left hand side of comparison
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Where the POSIX shell allows functions to be defined as:
name () compound-command [ redirections ]
bash adds the alternative syntax:
function name [()] compound-command [ redirections ]
Implement this in ash's bash compatibility mode. Most compound
commands work (for/while/until/if/case/[[]]/{}); one exception is:
function f (echo "no way!")
The other two variants work:
f() (echo "ok")
function f() (echo "also ok")
function old new delta
parse_command 1555 1744 +189
tokname_array 232 240 +8
.rodata 155612 155566 -46
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 197/-46) Total: 151 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If /tmp/test.sh is a script that tries to run a second script which
happens to be non-executable this:
command . /tmp/test.sh
causes a seg fault.
This is because clearredir is called in the error path to clear the
stack of redirections. The normal path then calls popredir, but popredir
fails when the stack is empty.
Reported-by: Bastian Bittorf <bittorf@bluebottle.com>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
evalcommand always clobbers the exit status in case of an EXEXEC
which means that exec always fails with exit status 2 regardless
of what it actually returns.
This patch adds the missing check for EXEXEC so that the correct
exit status is preserved. It causes the test ash-misc/exec.tests
to succeed.
Based on commit 7f68426 in dash git, by Herbert Xu.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The exec builtin should return an exit status of 127 if the command
can't be found. It doesn't: it returns 2.
If the command builtin is used to source a script that runs a second
script that doesn't exist ash should issue an error. Instead it seg
faults.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Processing of here documents in ash has had a couple of breakages
which are now the subject of tests. This commit should fix both.
It is based on the following commit in dash git by Herbert Xu:
<7c245aa> [PARSER] Simplify EOF/newline handling in list parser
(See git://git.kernel.org/pub/scm/utils/dash/dash.git)
Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This reverts commit 7e66102f76 but
leaves the test in place as it's still valid.
Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Save the value of the checkkwd flag to prevent it being clobbered
during recursion.
Based on commit ec2c84d from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
readtoken 190 203 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/0 up/down: 13/0) Total: 13 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The command builtin should only check the default path, not $PATH,
when the -p flag is used along with -v/-V.
Based on commits 65ae84b (by Harald van Dijk) and 29ee27d (by Herbert
Xu) from git://git.kernel.org/pub/scm/utils/dash/dash.git).
function old new delta
commandcmd 72 87 +15
describe_command 437 450 +13
typecmd 84 86 +2
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 30/0) Total: 30 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
busybox sh -c 'command --' segfaults because parse_command_args
returns a pointer to a null pointer.
Based on commit 18071c7 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Gerrit Pape.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on commit 49b82fc from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
parse_command 1563 1555 -8
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-8) Total: -8 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Newline is a valid delimiter between the variable name and `in`
keyword in for loops.
Based on commit 22e8fb4 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
parse_command 1568 1563 -5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-5) Total: -5 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This used to work but doesn't now:
foo () {
cat <<EOF && { echo "$1" ; }
$1
EOF
}
foo "bar"
Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on the patch by Rich Felker <dalias@libc.org>
function old new delta
builtin_umask 121 161 +40
umaskcmd 318 279 -39
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit 549deab caused this sequence of commands:
mkdir foo
cd foo
touch a b
echo "./"*
to return './*' instead of the expected './a ./b'. The problem
was caused by the backport of commit 880d952 from dash. In dash
the issue was fixed by two further commits by Herbert Xu:
<d6d06ff> [EXPAND] Fixed non-leading slash treatment in expmeta
<36f0fa8> [EXPAND] Fix slash treatment in expmeta
(See git://git.kernel.org/pub/scm/utils/dash/dash.git)
Apply these fixes to BusyBox ash, thus causing the new test
glob3.tests to succeed.
function old new delta
expmeta 469 528 +59
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Introduce a library routine to package the idiom:
p = xmalloc(b, n);
memcpy(p, b, n);
and use it where possible. The example in traceroute used xzalloc
but it didn't need to.
function old new delta
xmemdup - 32 +32
last_main 834 826 -8
make_device 2321 2311 -10
common_traceroute_main 3698 3685 -13
readtoken1 3182 3168 -14
procps_scan 1222 1206 -16
forkchild 655 638 -17
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/6 up/down: 32/-78) Total: -46 bytes
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Now that the only thing protected by setjmp/longjmp is the saved string,
we can allocate it on the stack to get rid of the jump.
Based on commit bd35d8e from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
readtoken1 3182 3116 -66
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-66) Total: -66 bytes
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit 503a0b8 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu says:
>The parsebackquote flag is only used in a test where it always has the
>value zero. So we can remove it altogether.
The first statement is incorrect: parsebackquote is non-zero when
backquotes (as opposed to $(...)) are used for command substitution.
It is possible for the test to be executed with parsebackquote != 0 in
that case.
The test is question checks whether quotes have been closed, raising
the error "unterminated quoted string" if they haven't. There seems
to be no good reason to allow unclosed quotes within backquotes. Bash,
hush and dash (after commit 503a0b8) all treat the following as an error:
XX=`"pwd`
whereas BusyBox ash doesn't. It just ignores the unclosed quote and
executes pwd.
So, parsebackquote should be removed but not for the reason stated.
function old new delta
parsebackquote 1 - -1
readtoken1 3222 3182 -40
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-41) Total: -41 bytes
Signed-off-by: Ron Yorston <rmy@frippery.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The commit
ash: move parse-time quote flag detection to run-time
breaks pattern substitution in parameter expansion. Fix this and
revise the code so that the different handling of the pattern and
the replacement string takes place in rmescapes rather than the
separate function parse_sub_pattern.
function old new delta
rmescapes 227 273 +46
static.qchars 3 4 +1
subevalvar 1177 1157 -20
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 47/-20) Total: 27 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Because the parser does not recursively parse parameter expansion
with respect to quotes, we can't accurately determine quote status at
parse time. This patch works around this by moving the quote detection
to run-time where we do interpret it recursively.
Test case:
foo=\\ echo "<${foo#[\\]}>"
Old result:
<\>
New result:
<>
Do not quote back slashes in parameter expansions outside quotes.
Test case:
a=/b/c/*
b=\\
echo ${a%$b*}
Old result:
/b/c/*
New result:
/b/c/
Based on commits 880d952, 7cfd8be, 0d7d660 and a7c21a6 from
git://git.kernel.org/pub/scm/utils/dash/dash.git by Herbert Xu
function old new delta
argstr 1164 1193 +29
memtodest 147 174 +27
subevalvar 1153 1177 +24
redirect 1279 1282 +3
dolatstr 5 7 +2
static.spclchars 10 9 -1
expandarg 962 960 -2
evalcase 273 271 -2
evalcommand 1204 1197 -7
rmescapes 236 227 -9
preglob 27 8 -19
evalvar 604 582 -22
cmdputs 389 334 -55
readtoken1 3163 3061 -102
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 5/9 up/down: 85/-219) Total: -134 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Collapsing arithmetic expansion is incorrect when the inner arithmetic
expansion is a part of a parameter expansion.
Test case:
unset a
echo $((3 + ${a:=$((4 + 5))}))
echo $a
Old result:
12
(4 + 5)
New result:
12
9
Based on commit bb777a6 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu
function old new delta
readtoken1 3180 3163 -17
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on commits 1a74845, cfc3d6a and ff13779 from
git://git.kernel.org/pub/scm/utils/dash/dash.git by Herbert Xu
function old new delta
evalcommand 1197 1204 +7
localcmd 327 325 -2
readtoken1 3200 3180 -20
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/2 up/down: 7/-22) Total: -15 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Test case:
unset a
echo "${a:-~root}"
Old result:
/root
New result:
~root
Based on commit 170f44d from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu
function old new delta
evalvar 598 604 +6
parse_command 1440 1443 +3
localcmd 325 327 +2
readtoken1 3199 3200 +1
argstr 1180 1164 -16
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/1 up/down: 12/-16) Total: -4 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Previously tilde expansion was not carried out for =?#% expansion words.
Test case:
a=~root:~root
echo ${a#~root}
Old result:
/root:/root
New result:
:/root
Based on commit dd721f71 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu
function old new delta
subevalvar 1152 1153 +1
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fixes segfault introduced in 0a0acb55db with functions using "local -".
test-case: f() { local -; local x; }; f
note: with this change applied multiple 'local -'s still cause multiple entries to be added to the localvars list.
this problem will be addressed in a separate commit.
Signed-off-by: Eugene Rudoy <gene.devel@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
A tilde expansion generates a valid pathname. Splitting it using IFS
either leaves it unchanged or changes it to something unintended.
Example:
IFS=m HOME=/tmp; printf "%s\n" ~
Based on this commit authored by Jilles Tjoelker:
http://git.kernel.org/cgit/utils/dash/dash.git/commit/?id=834629283f6c629a4da05ef60bae9445c954a19a
Signed-off-by: Ron Yorston <rmy@tigress.co.uk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
It used to be aliased to !FEATURE_SH_EXTRA_QUIET for ash,
while hush had it separate from FEATURE_SH_EXTRA_QUIET.
Bring ash in line with hush.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>