Commit Graph

333 Commits

Author SHA1 Message Date
tg 609b311919 more low-hanging fruits for EBCDIC; notes:
• ord() new, From: Daniel Richard G. <skunk@iSKUNK.ORG>
  ‣ used in some places
• (c - '0') → ksh_numdig(c)	# may take *x++ argument
• (c - 'A') → ksh_numuc(c)	# may NOT take *x+= argument
  ‣ idem for ksh_numlc(c) and 'a'
  ‣ these need changing for EBCDIC
  ‣ add testsuite for this
• use macros more, they exist already often
• use digits_lc[foo] instead of ('0' + foo), especially for letters
• caught another ksh_eq case…
• also caught a maybe-UB overflow check, but we don’t have TIME_T_MAX ☹
2015-04-29 20:07:35 +00:00
tg 65f9b93926 ordinarily, lineno must be mksh_uari_t, but edit.c most of all isn’t ready,
so we mitigate a bit (in var.c mostly) and tweak another type already, and
add some checks (mksh_{,u}ari_t must fit into {,unsigned }long) and print
line numbers with %lu already
2015-04-19 18:50:38 +00:00
tg e1cda74d04 SECURITY: fix integer overflows related to file descriptor parsing
bug initially found by Pawel Wylecial (LP#1440685)
additional bug found and suggested fix by enh (elliott hughes)

This commit also renames struct ioword.flag to ioflag to disambiguate
it from other members named “flag”, changes it to an unsigned type,
and packs ioflag and unit into shorts each, to make the struct smaller
(aligned even: 16 bytes on 32-bit systems) and reviews some of the
code involved in fd handling, though there wasn’t much to be found.
2015-04-11 22:03:32 +00:00
tg 0d72355038 “local x=$1” is supposed to not field-split and so 2015-03-14 05:23:18 +00:00
tg 8f53c68265 • protect POSIX builtins and utilities from aliases, e.g:
‣ : → \:
  ‣ alias → \alias
    ⇒ except in some internally used cases, where we use \builtin alias
  ‣ command . → \command .
• protect Korn Shell builtins from aliases and functions, e.g:
  ‣ typeset → \builtin typeset
    ⇒ also unravels the “local” alias used
  ‣ print → \builtin print
• protect internally-used things from aliases
  ‣ “let]” is not a valid function name
  ‣ “set” is POSIX so we don’t expect anyone to override it in a function
• use “command -v” instead of “whence -p” (“which”) in most
  places; thanks izabera from #ed on IRC for pointing out
  that “command -v” is POSIX – except, “whence -p” a̲l̲w̲a̲y̲s̲ looks
  for an executable and shows its full pathname; “command -v”
  also resolves to aliases, functions and builtins, so only use
  it where it makes any sense (both never output to stderr)
• make most of dot.mkshrc work in the face of such aliases
  ‣ “ulimit -c” is used; this is not POSIX, and not portable;
    maybe we should make ulimit accept-and-ignore the most
    common limits even if the OS doesn’t use them?
• update list of builtin aliases in the manpage
2015-03-08 22:54:36 +00:00
tg fcc59eee48 remove some unused string pooling stuff 2015-03-08 21:30:22 +00:00
tg 4157cca352 oksh sync; unsure if it applies (with us using old_source and all) but
better be safe than sorry; it at least passes our testsuite

NOTE: people who can figure out how afl can be used for mksh welcome! ;-)
2015-02-13 12:51:33 +00:00
tg 2f52b993a1 • Build.sh: fix NSIG detection for gcc-snapshot
• all: bump version to R50-current; add more comments; whitespace
• all: remove all mkssert(); we’ll do full re-runs of scan-build and,
  hopefully, Coverity Scan/Prevent
• check.t: fix a testcase (sed could exit false, but we don’t care)
• eval.c: fix tilde_ok data type (only unsigned may shl constantly)
• exec.c: fix shebang buf array accesses to always go via uint8_t *
2014-11-25 21:13:31 +00:00
tg 996e05548a POSIX says “command” loses SPEC_BI and means it too
reported by ormaaj, who even asked on the austin ML
http://thread.gmane.org/gmane.comp.standards.posix.austin.general/9907/focus=9931
clarified by jilles; also make errorlevels match ksh93
2014-10-12 21:58:53 +00:00
tg e239a8358a use issetugid(2) as additional aid in determining if we are FPRIVILEGED 2014-10-03 17:19:27 +00:00
tg 37de6e2d62 restore C99 compatibility: do not use “restricted” as an identifier 2014-10-02 13:55:16 +00:00
tg 52461d70cc cease exporting $RANDOM (Debian #760857) 2014-10-02 13:53:54 +00:00
tg 0a87a59b47 keeping up with the jones; RCS ID sync only:
we already fixed the list of builtins ages ago,
and don’t use weird unportable ioctl(2)s
2014-09-12 20:23:33 +00:00
tg 129ba5c584 fix the “set ±p” issue for good
cf. http://blog.cmpxchg8b.com/2013/08/security-debianisms.html
2014-06-09 12:28:19 +00:00
tg 48c0f71deb remove (#ifdef DEBUG) obsolete integer wraparound runtime test (maybe do something for unsigneds later… but then, it’s the standard, and you’d notice very quickly, and check.t would) 2014-01-16 13:59:12 +00:00
tg 9c8c1827d9 • turn on brace expansion earlier, so MKSH_BINSHREDUCED turns it off
• add first (uninstallable) draft of a dash-mksh package in the same
  spirit joe-jupp has; requested by Kaarlo “janPasi” Poski
2014-01-16 13:54:45 +00:00
tg 270a86f895 • use BAFH for hash ipv NZAAT
• prep for release
• fix minor nits in manpage and tests
2014-01-11 18:09:43 +00:00
tg c1c0b997fe make the code to exec simple commands also available for mksh_small 2014-01-11 16:26:28 +00:00
tg 89e774fd7e • fix ${12345678901234567890} segfault (OOB access / integer overflow)
‣ not like oksh did, but using mksh’s built-in features
• handle suggested __pure additions
• revert cid 1004F7F096867C83CF0
  ‣ always use our wcwidth code
  ‣ only use our strlcpy code if none found
• fix a couple of gcc-snapshot and clang/scan-build warnings
• mksh R49~rc1
2014-01-05 21:57:29 +00:00
tg 2f7eec765d merge oksh’s “ctype cleanups” commit
(not much of it applies since we don’t use the OS’ table-based lookup)
2014-01-05 19:11:46 +00:00
tg c4c4fd7365 RCSID-only oksh sync (their whitespace changes don’t apply to us)
note that emacs.c partial peereboom rewrite is *not* merged, and kept that way
2013-11-30 17:33:51 +00:00
tg 73c5ad3e3f apply patch by Steffen Daode Nurpmeso to drop ISTRIP termios mode 2013-11-17 22:23:29 +00:00
tg f920d94785 add O_BINARY to all open() calls except tty_fd
cf. http://svn.netlabs.org/libc/wiki/Faq#Whydoesntreadfdbufsize_of_filereturnsize_of_file
2013-10-09 11:59:30 +00:00
tg 2e7509548a integrate latest changes from oksh: Wed Sep 4 15:49:19 2013 UTC by millert
Add a proper suspend builtin that saves/restores the tty and pgrp
as needed instead of an alias that just sends SIGSTOP.  Login shells
may be suspended if they are not running in an orphan process group.
2013-09-10 17:33:04 +00:00
tg 3876b38220 Steffen Daode Nurpmeso found an actual bug:
Whenever the SIGEXIT trap was set (to anything, really)
syntax errors and interruptions were not ignored any more
in an interactive shell (where they should be, unless
set -e is used); fix that.

tbd: traps should probably only be marked as pending
and run for LLEAVE/E_NONE
2013-07-25 18:07:47 +00:00
tg ead77623d3 Fix most “set -x” problems (LP#1179287)
• “set -x” manually (cmdline too) snapshots fd#2 now
• “set -o inherit-xtrace” introduced; default still enabled
• reverted iodup printing to pre-R45 behaviour
• made Flag(FXTRACE) a proper state machine
2013-07-21 18:47:24 +00:00
tg bd795a83ae partial merge and full RCS ID sync with oksh
merged:
• new regression tests
• check.pl (tests/th) better tmpfile handling
• exec.c 1.50: POSIX specifies that for an AND/OR list,
  only the last command's exit status matters for "set -e"
• ksh.1 1.147: document the above
• eval.c 1.39: “Make $(< /nonexistent) have the same behaviour
  as $(cat /nonexistent) wrt. errors (do not unwind and do not
  treat this as fatal if set -e is used).”
  ‣ additionally make shf_open() return errno and actually show
    the error message from the system
• regression-39 test: remove the “maybe” marker
  ‣ but decide on correct POSIX behaviour

already been fixed in mksh:
• check.pl (tests/th) exit 1 if tests fail

not merged:
• main.c 1.52: run traps in unwind() before exiting;
  I’m pretty sure this is already working as-should in mksh
• eval.c 1.38: “Commands executed via `foo` or $( bar ) should
  not inherit "set -e" status.” As discussed in IRC, this is
  just plainly WRONG.
2013-07-21 18:36:03 +00:00
tg 8e6b0f712a support n̲o̲t̲ fork(2)ing for -T (by prepending the tty with ‘!’); especially useful on Linux since our own setsid(2) is more annoying; gets rid of the need for oneit_lite and similar hacks; WARNING: also removes chown/chmod on the tty! 2013-06-03 22:28:06 +00:00
tg 8256f266ff fix a number of warnings and other issues:
• sig_t detection was a bit insane, it is a function-pointer type after all
• fix uninitialised variable in c_select which led to mistakenly accepting
  invalid (nōn-numeric) input and acting, randomly, upon it
• keep SIGCHLD blocked in child after forking longer, for job list manip
• block SIGCHLD ifdef DEBUG_LEAKS to not run job foo during/after afreeall
• fix annoying ISO C90 vs. C99 (un)signed constant warning
2013-06-02 03:09:17 +00:00
tg f0f34eb7b6 • Allow setting both -o posix and -o sh (although only in the same
command; setting one still unsets the other at first)
• Change subst_exstat to be conformant unless -o sh is set and -o posix isn’t
• In lksh, make subst_exstat (newly) conformant if -o posix
• New MKSH_BINSHPOSIX to accompany MKSH_BINSHREDUCED
• Sync lksh manpage precisely
2013-05-02 20:21:45 +00:00
tg 0fb44301ef can test wraparound not in lksh 2013-04-27 18:56:41 +00:00
tg deb4a3bf20 Oh well… this looks well, is done done, and gcc-snapshot doesn’t complain:
• correct order of built-in commands; use POSIX special versus “all others”
  plus “keeps assignments” as distinction, no longer play POSIX regular vs.
  others game; sync manpage
• fix LP#1156707: map (( internally to “let]” which is no valid function
  name and so can’t be overridden but is unlikely to be used otherwhere
  and not strictly permitted (by POSIX) anyway
• we do not need -Wno-overflow any more, either
• bump to R45
2013-04-26 21:22:50 +00:00
tg 41ae60bb55 now that funsub() is a separate function, and we don’t have the clobber
issue from longjmp any more, and that I thought to rewind the fd, finally
implement ${ …;} on deleted-after-open tempfiles without the need to reopen
2013-03-29 17:33:07 +00:00
tg 1df0cb4093 as a more general solution to fd leak detection, just do CLOEXEC manually
(this also allows us to see “real” leaks)
2013-02-10 21:42:16 +00:00
tg f209a252bc when leak debugging, free everything even in builtins 2013-02-10 21:17:07 +00:00
tg 2b06709bf3 improve DEBUG_LEAKS handling and fix freeing some locs 2013-02-10 19:05:37 +00:00
tg 43a41932e7 make DEBUG_LEAKS safely free all resources before the main shell exits 2013-02-10 18:17:30 +00:00
tg ce1ab97541 for DEBUG_LEAKS, prevent “leaking” of fds, even if they’re close-on-exit 2013-02-10 17:55:57 +00:00
tg 5741127ab7 experimentally enable afreeall(APERM) too, LP#1106116 2013-02-10 17:43:07 +00:00
tg 59009ac78f call it DEBUG_LEAKS so Android can always enable it 2013-02-10 17:41:06 +00:00
tg cb93db360d call afreeall(AEDIT) upon close; related to LP#1106116 2013-02-10 17:38:15 +00:00
tg 7a2130b02a do not, ever, even in local-only debugging examples, create anything
in /tmp without the use of mkstemp(3) or similar!
2013-01-06 18:44:07 +00:00
tg d5ba31fd86 fix the set +e cases, too 2013-01-01 22:23:16 +00:00
tg 744f77c668 fix running the ERR and EXIT traps in case of set -e and/or eval (includes Debian #696823) 2013-01-01 20:45:04 +00:00
tg 12c662b6e2 thanks to ISC (Interactive) Unix, we now know a few samples of errnos
that get used, plus one for the realpath-1 regression test; also make
sys_siglist_decl detection nicer and poison strerror() with non-const
return value ifdef DEBUG, make it always const
2012-12-17 23:18:11 +00:00
tg c4e88acd83 Correct mistake when doing hashtable lookup collision resolution… oops 2012-12-07 23:46:38 +00:00
tg f654a3dea4 fix libFirm/cparser -Wsign-compare 2012-12-05 19:38:25 +00:00
tg 0f3071a8b2 MKSH_DISABLE_EXPERIMENTAL is a NOP again; use ${ precmd;} in dot.mkshrc 2012-11-30 20:19:16 +00:00
tg f63bcae02c … oh well, but MidnightBSD gcc picks on "" too, so just stick to NULL, it’s cheapest 2012-11-30 19:58:48 +00:00
tg 9a6ebef8ca The MidnightBSD/amd64 system compiler (Target: amd64-undermydesk-freebsd)
gcc version 4.2.1 20070719  [MidnightBSD] has stricter -Wformat checking
2012-11-30 19:51:25 +00:00