busybox

History

Denys Vlasenko d5f5045b43 ash: expand: Fix buffer overflow in expandmeta Upstream commit: Date: Sun, 25 Mar 2018 16:38:00 +0800 expand: Fix buffer overflow in expandmeta The native version of expandmeta allocates a buffer that may be overrun for two reasons. First of all the size is 1 byte too small but this is normally hidden because the minimum size is rounded up to 2048 bytes. Secondly, if the directory level is deep enough, any buffer can be overrun. This patch fixes both problems by calling realloc when necessary. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> function old new delta expmeta 517 635 +118 expandarg 990 996 +6 mklocal 288 290 +2 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/0 up/down: 126/0) Total: 126 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>		2018-04-14 14:50:47 +02:00
..
ash_test	shell: add 6856 $IFS tests to testsuites	2018-04-11 20:24:58 +02:00
hush_test	shell: add 6856 $IFS tests to testsuites	2018-04-11 20:24:58 +02:00
ash_doc.txt
ash_ptr_hack.c
ash.c	ash: expand: Fix buffer overflow in expandmeta	2018-04-14 14:50:47 +02:00
brace.txt
Config.src	config: deindent all help texts	2017-07-21 09:50:55 +02:00
cttyhack.c	regularize format of source file headers, no code changes	2017-09-18 16:28:43 +02:00
hush_doc.txt
hush_leaktool.sh
hush.c	hush: fix recent breakage from parse_stream() changes	2018-04-11 20:00:43 +02:00
Kbuild.src
match.c	hush: fix a='a\\'; echo "${a%\\\\}"	2018-03-02 20:48:36 +01:00
match.h
math.c	shell: handle $((NUM++...) like bash does. Closes 10706	2018-01-28 20:13:33 +01:00
math.h
random.c
random.h
README
README.job
shell_common.c	hush: fix IFS handling in read	2018-04-11 17:18:34 +02:00
shell_common.h	shell: more efficient check for EOL in read	2017-08-09 14:04:07 +02:00

README

http://www.opengroup.org/onlinepubs/9699919799/
Open Group Base Specifications Issue 7


http://www.opengroup.org/onlinepubs/9699919799/utilities/V3_chap01.html
Shell & Utilities

It says that any of the standard utilities may be implemented
as a regular shell built-in. It gives a list of utilities which
are usually implemented that way (and some of them can only
be implemented as built-ins, like "alias"):

alias
bg
cd
command
false
fc
fg
getopts
jobs
kill
newgrp
pwd
read
true
umask
unalias
wait


http://www.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
Shell Command Language

It says that shell must implement special built-ins. Special built-ins
differ from regular ones by the fact that variable assignments
done on special builtin are *PRESERVED*. That is,

VAR=VAL special_builtin; echo $VAR

should print VAL.

(Another distinction is that an error in special built-in should
abort the shell, but this is not such a critical difference,
and moreover, at least bash's "set" does not follow this rule,
which is even codified in autoconf configure logic now...)

List of special builtins:

. file
: [argument...]
break [n]
continue [n]
eval [argument...]
exec [command [argument...]]
exit [n]
export name[=word]...
export -p
readonly name[=word]...
readonly -p
return [n]
set [-abCefhmnuvx] [-o option] [argument...]
set [+abCefhmnuvx] [+o option] [argument...]
set -- [argument...]
set -o
set +o
shift [n]
times
trap n [condition...]
trap [action condition...]
unset [-fv] name...

In practice, no one uses this obscure feature - none of these builtins
gives any special reasons to play such dirty tricks.

However. This section also says that *function invocation* should act
similar to special built-in. That is, variable assignments
done on function invocation should be preserved after function invocation.

This is significant: it is not unthinkable to want to run a function
with some variables set to special values. But because of the above,
it does not work: variable will "leak" out of the function.