aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-09-30ash: [VAR] Sanitise environment variable names on entryDenys Vlasenko
Upstream commit: Date: Sat, 25 Feb 2012 15:35:18 +0800 [VAR] Sanitise environment variable names on entry On Tue, Feb 14, 2012 at 10:48:48AM +0000, harald@redhat.com wrote: > "export -p" prints all environment variables, without checking if the > environment variable is a valid dash variable name. > > IMHO, the only valid usecase for "export -p" is to eval the output. > > $ eval $(export -p); echo OK > OK > > Without this patch the following test does error out with: > > test.py: > import os > os.environ["test-test"]="test" > os.environ["test_test"]="test" > os.execv("./dash", [ './dash', '-c', 'eval $(export -p); echo OK' ]) > > $ python test.py > ./dash: 1: export: test-test: bad variable name > > Of course the results can be more evil, if the environment variable > name is crafted, that it injects valid shell code. This patch fixes the issue by sanitising all environment variable names upon entry into the shell. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-30ash: [EVAL] Avoid using undefined handlerDenys Vlasenko
Upstream commit: Date: Fri, 8 Jul 2011 16:41:24 +0800 [EVAL] Avoid using undefined handler * src/eval.c (evalbltin, evalfun): Set savehandler before calling setjmp with the possible "goto *done", where savehandler is used. Otherwise, clang warns that "Assigned value is garbage or undefined" at the point where "savehandler" is used on the RHS. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-30ash: remove dead stores and unused variablesDenys Vlasenko
Upstream commit 1: Date: Fri, 8 Jul 2011 16:12:20 +0800 [MEMALLOC] Avoid gcc warning: variable 'oldstackp' set but not used * src/memalloc.c (growstackblock): Remove declaration and set of set-but-not-used variable. Also remove a stray space-before-TAB. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Upstream commit 2: Date: Fri, 8 Jul 2011 16:16:11 +0800 [MEMALLOC] Avoid clang warning about dead store to "size" * src/memalloc.c (makestrspace): Remove dead store. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-30ash: [MEMALLOC] Add pushstackmarkDenys Vlasenko
Upstream commit: Author: Herbert Xu <herbert@gondor.apana.org.au> Date: Sat Oct 6 00:45:52 2007 +0800 [MEMALLOC] Add pushstackmark This patch gets rid of the stack mark tracking hack by allocating a little bit of stack memory if we're at risk of planting a stack mark which may be grown later. To do this a new function pushstackmark is added which lets the user pick a bigger amount to allocate since some users do that anyway after setting a stack mark. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-30hush: fix typo in commentDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-30hush: fix interactive input handling of backslash+newlineDenys Vlasenko
function old new delta fgetc_interactive - 258 +258 i_peek_and_eat_bkslash_nl 43 93 +50 static_peek2 7 - -7 setup_string_in_str 46 39 -7 setup_file_in_str 47 40 -7 file_peek 72 52 -20 expand_vars_to_list 1167 1143 -24 file_peek2 74 - -74 file_get 326 65 -261 ------------------------------------------------------------------------------ (add/remove: 1/2 grow/shrink: 1/5 up/down: 308/-400) Total: -92 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: G.user_input_buf[] is needed only if line editing is enabledDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29shell testsuite: add trailing newline to var_unbackslash1.testsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: speed optimizationsDenys Vlasenko
Make o_addchr() faster: do not call o_grow_by() each time. Create i_getch_and_eat_bkslash_nl(), use it instead of peek+getch pair. function old new delta o_addchr 42 54 +12 parse_dollar 761 771 +10 o_grow_by 48 37 -11 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/1 up/down: 24/-11) Total: 11 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: fix handling of by backslash-newline in $((arith)) and $(cmd)Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: rework input char buffering to allow more than one-deep peekDenys Vlasenko
...this time with actual hush.c changes too :) Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29ash: fix arithmetic closing )) split by backslash-newlineDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29ash: [PARSER] Handle backslash newlines properly after dollar signDenys Vlasenko
Fixes var_unbackslash1.tests failure. Upstream commit: [PARSER] Handle backslash newlines properly after dollar sign On Tue, Aug 26, 2014 at 12:34:42PM +0000, Eric Blake wrote: > On 08/26/2014 06:15 AM, Oleg Bulatov wrote: > > While playing with sh generators I found that dash and bash have different > > interpretations for <slash><newline> sequence. > > > > $ dash -c 'EDIT=xxx; echo $EDIT\ > >> OR' > > xxxOR > > Buggy. > > > > $ dash -c 'echo "$\ > > (pwd)"' > > $(pwd) > > > > Is it undefined behaviour in POSIX? > > No, it's well-defined, and dash is buggy. ... I agree. This patch should resolve this problem and similar ones affecting blackslash newlines after we encounter a dollar sign. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: rework input char buffering to allow more than one-deep peekDenys Vlasenko
This fixes backslash+newline continuation in $VAR\ NAME construct. (ash has a bug there as well). function old new delta file_peek2 - 74 +74 parse_dollar 746 773 +27 expand_vars_to_list 1143 1167 +24 setup_string_in_str 32 46 +14 setup_file_in_str 33 47 +14 file_get 264 278 +14 static_peek2 - 7 +7 file_peek 91 72 -19 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 5/1 up/down: 174/-19) Total: 155 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29ash: input: Allow two consecutive calls to pungetcDenys Vlasenko
Upstream commit: input: Allow two consecutive calls to pungetc The commit ef91d3d6a4c39421fd3a391e02cd82f9f3aee4a8 ([PARSER] Handle backslash newlines properly after dollar sign) created cases where we make two consecutive calls to pungetc. As we don't explicitly support that there are corner cases where you end up with garbage input leading to undefined behaviour. This patch adds explicit support for two consecutive calls to pungetc. Reported-by: Jilles Tjoelker <jilles@stack.nl> Reported-by: Juergen Daubert <jue@jue.li> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> In bbox case, bashism >& may need two pungetc() too. function old new delta pgetc 514 555 +41 pushstring 114 144 +30 basepf 52 76 +24 popstring 134 151 +17 parse_command 1584 1585 +1 pungetc 12 9 -3 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 5/1 up/down: 113/-3) Total: 110 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: fix 'eval ""' handlingDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29hush: fix ". EMPTY_LINE" not setting $? to 0Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29ash: jobs: Don't attempt to access job table for job %0Denys Vlasenko
Upstream commit: jobs: Don't attempt to access job table for job %0 If job %0 is (mistakenly) specified, an out-of-bounds access to the jobtab occurs in function getjob() if num = 0: jp = jobtab + 0 - 1 Fix this by checking that the job number is larger than 0 before accessing the jobtab. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-29ash: [EVAL] Make eval with empty arguments return 0Denys Vlasenko
This is a backport of upstream commit: [EVAL] Make eval with empty arguments return 0 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-28ash: [EVAL] Fix use-after-free in dotrap/evalstringDenys Vlasenko
From upstream: [EVAL] Fix use-after-free in dotrap/evalstring The function dotrap calls evalstring using the stored trap string. If evalstring then unsets that exact trap string then we will end up using freed memory. This patch fixes it by making evalstring always duplicate the string before using it. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-28ash: Remove unused EV_BACKCMD flagDenys Vlasenko
The original ash defered forking commands in backquotes so builtins could be run in the same context as the shell. This behavior was controlled using the EV_BACKCMD to evaltree. Unfortunately, as Matthias Scheler noticed in 1999 (NetBSD PR/7814), the result was counterintuitive; for example, echo "`cd /`" would change the cwd. So ash 0.3.5 left out that optimization. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-28ash: eval: Return status in eval functionsDenys Vlasenko
Backported from dash: eval: Return status in eval functions The exit status is currently clobbered too early for case statements and loops. This patch fixes it by making the eval functions return the current exit status and setting them in one place -- evaltree. Harald van Dijk pointed out a number of bugs in the original patch. function old new delta evalcommand 1226 1242 +16 cmdloop 383 398 +15 evalfor 223 227 +4 evalcase 271 275 +4 localcmd 348 350 +2 evaltreenr 927 928 +1 evaltree 927 928 +1 evalsubshell 150 151 +1 evalpipe 356 357 +1 parse_command 1585 1584 -1 evalloop 177 164 -13 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 9/2 up/down: 45/-14) Total: 31 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-28traceroute: cleanup and fixes for packet size calculationsDenys Vlasenko
Remove FEATURE_TRACEROUTE_SOURCE_ROUTE: it's off by default, and source routing is not used in real world. Tested that "traceroute -n ::1 100" and "traceroute -n 127.0.0.1 100" both send 100 byte IP packets (this matches what traceroute on Fedora Rawhide is doing). function old new delta common_traceroute_main 3731 3738 +7 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-28vi: fix '' command (goto to prev context)Denys Vlasenko
The '' command in vi doesn't currently work because after the first apostrophe is read, the next character is converted to an integer between 0 and 25 inclusive (for indexing the array of marks). The comparison of the converted character with an apostrophe therefore never succeeds, meaning that '' doesn't do anything. Based on the patch by Francis Rounds <francis.rounds@4bridgeworks.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-27mount: for cifs, dont insert "ip=ADDR" option if user gave it explicitlyDenys Vlasenko
This makes it possible to use scoped IPv6 addresses: mount -t cifs -o ip=<ADDR>%<iface_id> //<ADDR>/test test Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26examples: wpa_supplicant.conf has a wrong field deleted in examplesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26mount: tweak "IPv6 scoped addr" commitDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26libbb: make xmalloc_sockaddr2dotted use NI_NUMERICSCOPEDenys Vlasenko
Gives "mount -t cifs //fe80::6a05:caff:fe3e:dbf5%eth0/test test" a chance to work: mount must pass "ip=numeric_IPv6%numeric_iface_id" in the omunt option string. Currently, it does not. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26libbb/speed_table.c: expand commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-26typo fix in commentDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-25ash: in heredoc code, fix access past the end of allocated memory. Closes 9276Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-25ash: fix handling of NULs in $'abc\000def\x00asd'. Closes 9286Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-25ifupdown: improve help text, add comment about run-parts error msgDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-24libbb: handle \S in /etc/issueDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-22AUTHORS: Add myself to AUTHORSLinus Walleij
Instead of complaining that my authorship of the rewrite of the mdev to use /sys/dev is totally gone from the git history I bravely take credit by adding myself to the AUTHORS file instead, he he. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-21ash: use glob() from libcDenys Vlasenko
Adapted from dash. The "homegrown" glob code is retained (ifdef'ed out). This changes was inspired by bug 9261, which detected out-of bounds use of heap for 2098 byte long name in the "homegrown" code. This is still not fixed... function old new delta expandarg 960 982 +22 static.syntax_index_table 26 25 -1 static.spec_symbls 27 26 -1 static.metachars 4 - -4 addfname 42 - -42 msort 126 - -126 expmeta 528 - -528 ------------------------------------------------------------------------------ (add/remove: 0/4 grow/shrink: 1/2 up/down: 22/-702) Total: -680 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-20examples/var_service/supplicant_if: new service exampleDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-20ifupdown: when flushing addresses with "ip", add label %label%Denys Vlasenko
User report: or our board we setup eth0:0 on a 10.10.10.x/29 netwrok. The problem is ip addr flush dev eth0:0 removes all ip addresses from eth0. You can see this if you run ip -stat -stat addr flush dev eth0:0 2: eth0 inet 172.27.105.10/22 brd 172.27.107.255 scope global eth0 valid_lft forever preferred_lft forever 2: eth0 inet 10.10.10.9/29 scope global eth0:0 valid_lft forever preferred_lft forever 2: eth0 inet6 fe80::a2f6:fdff:fe18:2b13/64 scope link valid_lft forever preferred_lft forever *** Round 1, deleting 3 addresses *** *** Flush is complete after 1 round *** Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-20ash: fix handling of bashism $'xxx' with high-bit chars. Closes 9236Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-20hush: document better where bad redirect syntax is detectedDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-18libnetlink: fix alignment of netlink messagesHauke Mehrtens
A padding to align a message should not only be added between different attributes of a netlink message, but also at the end of the message to pad it to the correct size. Without this patch the following command does not work and returns an error code: ip link add type nlmon Without this ip from busybox sends this: sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=45, ...}, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\22\0\t\0\1nlmon"}, iov_len=45}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 45 return value: 2 The normal ip utile from iproute2 sends this: sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=48, ...}, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\22\0\t\0\1nlmon\0\0\0"}, iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48 return value: 0 With this patch ip from busybox sends this: sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=48, ...}, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\22\0\t\0\1nlmon\0\0\0"}, iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48 return value: 0 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-18libbb: do not use fflush_unlocked, musl does not like fflush_unlocked(NULL)Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-17ash: exit after subshell error when errexit option is setRostislav Skudnov
When "set -e" option is on, shell must exit when any command fails, including compound commands of the form (compound-list) executed in a subshell. Bash and dash shells have this behaviour. Also add a corresponding testcase. Signed-off-by: Rostislav Skudnov <rostislav@tuxera.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-17fdisk: fix CONFIG_FEATURE_SUN_LABEL=y buildDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-17fix "aloc" -> "alloc" typosDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-17ash: add a FIXME for bug 9246Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-15svlogd: strip leading '!' from processor linesFrancis Rounds
When using svlogd's processor functionality to run arbitrary commands on log rotation, the line in the config is executed verbatim, i.e. the exclamation mark is included. For example, if the config file contains: s100 !cat then when it's time to rotate the log files after each 100 bytes, sh -c "!cat" will be run, instead of sh -c "cat" as intended. The result is svlogd logging /bin/bash: !cat: command not found svlogd: warning: processor failed, restart: /tmp/svlogd/ over and over again as it keeps attempting to execute the processor and failing (unless you happen to have a "!cat" binary around :)). Skipping the exclamation mark when performing the wstrdup() fixes the issue. Signed-off-by: Francis Rounds <francis.rounds@4bridgeworks.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-15vi: make "g<key>" error message less likely to show garbageDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-15libbb:/send_to_from: do not require that "to" should have the same AF. ↵Denys Vlasenko
Closes 9146 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-09-15modutils: support finit_module syscallMike Frysinger
On some systems like Chromium OS, loading modules from non-verified filesystems is denied. Only finit_module is allowed because an open fd is passed which can be checked against a verified location. Change the module loading code to first attempt finit_module and if that fails for whatever reason, fall back to the existing logic. On x86_64, this adds ~80 bytes to modutils/modutils.o and ~68 bytes to modutils/modprobe-small.o. Signed-off-by: Mike Frysinger <vapier@chromium.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>