From upstream:
[EVAL] Fix use-after-free in dotrap/evalstring
The function dotrap calls evalstring using the stored trap string.
If evalstring then unsets that exact trap string then we will end
up using freed memory.
This patch fixes it by making evalstring always duplicate the string
before using it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The original ash deferred forking commands in backquotes so builtins
could be run in the same context as the shell. This behavior was
controlled using the EV_BACKCMD to evaltree.
Unfortunately, as Matthias Scheler noticed in 1999 (NetBSD PR/7814),
the result was counterintuitive; for example, echo "`cd /`" would
change the cwd. So ash 0.3.5 left out that optimization.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Backported from dash:
eval: Return status in eval functions
The exit status is currently clobbered too early for case statements
and loops. This patch fixes it by making the eval functions return
the current exit status and setting them in one place -- evaltree.
Harald van Dijk pointed out a number of bugs in the original patch.
function old new delta
evalcommand 1226 1242 +16
cmdloop 383 398 +15
evalfor 223 227 +4
evalcase 271 275 +4
localcmd 348 350 +2
evaltreenr 927 928 +1
evaltree 927 928 +1
evalsubshell 150 151 +1
evalpipe 356 357 +1
parse_command 1585 1584 -1
evalloop 177 164 -13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 9/2 up/down: 45/-14) Total: 31 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Adapted from dash.
The "homegrown" glob code is retained (ifdef'ed out).
This change was inspired by bug 9261, which detected out-of-bounds use of heap
for 2098 byte long name in the "homegrown" code. This is still not fixed...
function old new delta
expandarg 960 982 +22
static.syntax_index_table 26 25 -1
static.spec_symbls 27 26 -1
static.metachars 4 - -4
addfname 42 - -42
msort 126 - -126
expmeta 528 - -528
------------------------------------------------------------------------------
(add/remove: 0/4 grow/shrink: 1/2 up/down: 22/-702) Total: -680 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When "set -e" option is on, shell must exit when any command fails,
including compound commands of the form (compound-list) executed in a
subshell. Bash and dash shells have this behaviour.
Also add a corresponding testcase.
Signed-off-by: Rostislav Skudnov <rostislav@tuxera.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We set all opened script fds to CLOEXEC, thus making them go away
after fork+exec.
Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open.
For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd"
in a script from standalone shell shows this:
    lrwx------ 1 root root 64 Aug 20 15:17 0 -> /dev/pts/3
    lrwx------ 1 root root 64 Aug 20 15:17 1 -> /dev/pts/3
    lrwx------ 1 root root 64 Aug 20 15:17 2 -> /dev/pts/3
    lr-x------ 1 root root 64 Aug 20 15:17 3 -> /path/to/top/level/script
    lr-x------ 1 root root 64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1
    ...
with as many open fds as there are ". SCRIPTn" nest levels.
Fix it by closing these fds after fork (only for NOEXEC children).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run this in a "sh SCRIPT":
    sha256sum /dev/null
    echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
On user request.
I thought enabling/disabling them all together is more consistent.
Evidently, some people do want them to be separately selectable.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The result of looking at "grep -F -B2 '*fill*' busybox_unstripped.map"
text data bss dec hex filename
829901 4086 1904 835891 cc133 busybox_before
829665 4086 1904 835655 cc047 busybox
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Bash doesn't expand its $'...' construct in double quotes:
    $ echo "$'a\tb'"
    $'a\tb'
Change BusyBox ash to do the same. This also fixes a problem with
here documents where BusyBox ash gave an incorrect result for:
    $ cat <<EOF
    > '$'
    > EOF
    '$'
Reported-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
As reported in bug 8506:
    $ X=abcdÉfghÍjklmnÓpqrstÚvwcyz
    $ echo ${#X}
    abcd26
The result should be 26.
This regression was introduced by:
<d68d1fb> 2015-05-18 [Ron Yorston] ash: code shrink around varvalue
The length in characters was being used to discard the contents of
the variable instead of the length in bytes.
URL: https://bugs.busybox.net/8506
Reported-by: Martijn Dekker <martijn@inlv.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This patch fixes compiling busybox with FEATURE_UTMP and _WTMP enabled.
musl, while not really supporting utmp/wtmp, provides stub functions, as well
as variables such as _PATH_UTMP, so that programs using utmp or wtmp can
still compile fine.
My reasoning for this patch is that on Exherbo, I'm currently trying to get
us to be able to use the same busybox config file for both glibc and musl
systems, using utmp/wtmp on systems that support it, and using the stubs
on musl without needing two different configs.
As of latest musl git, it provides all utmp functions needed; 1.1.12 doesn't,
but I sent a patch to Rich to add the utmp{,x}name functions expected to
exist, which was merged into musl upstream.
Signed-off-by: Kylie McClain <somasissounds@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Reported by gcc (Debian 5.3.1-4) 5.3.1 20151219
shell/ash.c: In function 'evaltree':
shell/ash.c:8432:19: warning: logical not is only applied to the left hand side of comparison
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Where the POSIX shell allows functions to be defined as:
    name () compound-command [ redirections ]
bash adds the alternative syntax:
    function name [()] compound-command [ redirections ]
Implement this in ash's bash compatibility mode. Most compound
commands work (for/while/until/if/case/[[]]/{}); one exception is:
    function f (echo "no way!")
The other two variants work:
    f() (echo "ok")
    function f() (echo "also ok")
function old new delta
parse_command 1555 1744 +189
tokname_array 232 240 +8
.rodata 155612 155566 -46
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 197/-46) Total: 151 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
If /tmp/test.sh is a script that tries to run a second script which
happens to be non-executable, this:
    command . /tmp/test.sh
causes a seg fault.
This is because clearredir is called in the error path to clear the
stack of redirections. The normal path then calls popredir, but popredir
fails when the stack is empty.
Reported-by: Bastian Bittorf <bittorf@bluebottle.com>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
evalcommand always clobbers the exit status in case of an EXEXEC
which means that exec always fails with exit status 2 regardless
of what it actually returns.
This patch adds the missing check for EXEXEC so that the correct
exit status is preserved. It causes the test ash-misc/exec.tests
to succeed.
Based on commit 7f68426 in dash git, by Herbert Xu.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The exec builtin should return an exit status of 127 if the command
can't be found. It doesn't: it returns 2.
If the command builtin is used to source a script that runs a second
script that doesn't exist, ash should issue an error. Instead it seg
faults.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Processing of here documents in ash has had a couple of breakages
which are now the subject of tests. This commit should fix both.
It is based on the following commit in dash git by Herbert Xu:
<7c245aa> [PARSER] Simplify EOF/newline handling in list parser
(See git://git.kernel.org/pub/scm/utils/dash/dash.git)
Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This reverts commit 7e66102f76 but
leaves the test in place as it's still valid.
Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Save the value of the checkkwd flag to prevent it being clobbered
during recursion.
Based on commit ec2c84d from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
readtoken 190 203 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/0 up/down: 13/0) Total: 13 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The command builtin should only check the default path, not $PATH,
when the -p flag is used along with -v/-V.
Based on commits 65ae84b (by Harald van Dijk) and 29ee27d (by Herbert
Xu) from git://git.kernel.org/pub/scm/utils/dash/dash.git).
function old new delta
commandcmd 72 87 +15
describe_command 437 450 +13
typecmd 84 86 +2
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/0 up/down: 30/0) Total: 30 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
busybox sh -c 'command --' segfaults because parse_command_args
returns a pointer to a null pointer.
Based on commit 18071c7 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Gerrit Pape.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Based on commit 49b82fc from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
parse_command 1563 1555 -8
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-8) Total: -8 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Newline is a valid delimiter between the variable name and `in`
keyword in for loops.
Based on commit 22e8fb4 from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta
parse_command 1568 1563 -5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-5) Total: -5 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This used to work but doesn't now:
    foo () {
    cat <<EOF && { echo "$1" ; }
    $1
    EOF
    }
    foo "bar"
Reported-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>