Commit Graph

64 Commits

Author SHA1 Message Date
John Baldwin
c1920558b3 Clean up the vcs ID strings in libc's gen/ directory.
- Move CSRG IDs into __SCCSID().
- When a file has been copied, consistently use 'From: <tag>' for strings
  referencing the version of the source file copied from in the license
  block comment.
- Some of the 'From:' tags were using $FreeBSD$ that was being expanded on
  each checkout.  Fix those to hardcode the FreeBSD tag from the file that
  was copied at the time of the copy.
- When multiple strings are present list them in "chronological" order,
  so CSRG (__SCCSID) before FreeBSD (__FBSDID).  If a file came from
  OtherBSD and contains a CSRG ID from the OtherBSD file, use the order
  CSRG -> OtherBSD -> FreeBSD.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D15831
2018-07-03 17:31:45 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Jilles Tjoelker
8f932310ff glob: Fix comment about collapsing asterisks after r317749.
After r317749, collapsing adjacent asterisks is still required, but for a
different reason.
2017-05-07 19:52:56 +00:00
Conrad Meyer
1365421f09 glob: Fix an overlong line
Trivial style(9) fix, no functional change.  There are also some 81
characters lines below, but I don't see a good way to shorten them.

Sponsored by:	Dell EMC Isilon
2017-05-03 16:34:22 +00:00
Conrad Meyer
241eb37e29 libc glob: Avoid pathological exponential behavior
Adapt glob's match() routine to use a greedy algorithm that avoids
exponential runtime in byzantine inputs.

While here, add a testcase for the byzantine input.

Prompted by:	https://research.swtch.com/glob
Authored by:	Yves Orton <demerphq at gmail.com>
Obtained from:	Perl (33252c318625f3c6c89b816ee88481940e3e6f95)
Sponsored by:	Dell EMC Isilon
2017-05-03 15:55:29 +00:00
Pedro F. Giffuni
9f36610f9e libc: provide some bounds-checking through reallocarray(3).
reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.

MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D9955
2017-03-12 16:03:34 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Andrey A. Chernov
20e37fa8ca Although the code amount is not big, move POSIX error processing into
two sepatate functions to make glob(3) code less obscure and more simple.
There is no needs to make them inline since it is error path which supposed
to not happes often.
2016-08-03 09:09:34 +00:00
Andrey A. Chernov
000b8f832a In addition to prev. commit. Since potentially glob2() can return error
without setting errno, restore errno before its call.
2016-07-31 02:28:50 +00:00
Andrey A. Chernov
869eb80c16 Both C99 and POSIX directly prohibits any standard function to set errno
to 0. Breaking this rule in 2001 NetBSD hack was imported which attempts
to workaround very limited glob() return codes amount. Use POSIX-compatible
workaround now with E2BIG which can't comes from other functions used
instead of prohibited 0.
2016-07-31 01:14:06 +00:00
Andrey A. Chernov
15cb786674 Rework r303074 case 4. Don't immediatelly skip directory entries which
cause MAXPATHLEN exceeded. Process them first through gl_errfunc() and
GLOB_ERR.
2016-07-30 03:11:54 +00:00
Andrey A. Chernov
e04d8562b6 Reset errno for readdirfunc() before contunue. 2016-07-30 02:09:11 +00:00
Andrey A. Chernov
a5ab035dd7 1) POSIX defines well when GLOB_NOMATCH or original pattern
(instead) should be returned, so we can't return GLOB_NOMATCH blindly
just because we dislike something in the pattern.

2) Remove extra condition.
2016-07-23 03:49:02 +00:00
Andrey A. Chernov
09264d7448 1) We need the original pattern (in the next round of changes) not only in
case it fully constructed, but for half-constructed too, so have no
other choice to pass original pattern from glob() down to globextend()
instead of attempt to reconstruct I implement previously.

2) Instead of copy&paste the same big enough code, make function for it:
globfinal().
2016-07-23 01:21:58 +00:00
Andrey A. Chernov
bd7a98506c 1) GLOB_BRACE was somewhat broken. First it repeatedly calls glob0() in
globexp1() recursive calls, but glob0() was not supposed to be called
repeatedly in the original code. It finalize results by possible adding
original pattern for no match case, may return GLOB_NOMATCH error and
by sorting all things. Original pattern adding or GLOB_NOMATCH error
can happens each time glob0() called repeatedly, and sorting happens
for one item only, all things are never sorted. Second, f.e. "a{a"
pattern does not match "a{a" file but match "a" file instead
(just one example, there are many). Third, some errors (f.e. for limits
or overflow) can be ignored by GLOB_BRACE code because it forces return (0).
Add non-finalizing flag to glob0() and make globexp0() wrapper around
recursively called globexp1() to finalize things like glob0() does.
Reorganize braces code to work correctly.

2) Don't allow MB_CUR_MAX * strlen overallocation hits GLOB_LIMIT_STRING
(ARG_MAX) limit, use final string length, not malloced space for it.

3) Revive DEBUG-ifdefed section.
2016-07-21 12:53:36 +00:00
Andrey A. Chernov
7455a07a9f In addition to r303074 case 1, search for protected L'/' too in globtilde() 2016-07-20 12:46:21 +00:00
Andrey A. Chernov
aed721ec51 1) Per POSIX (and glibc) GLOB_NOCHECK should return original pattern,
unmodified, if no matches found. But our original code strips all '\'
returning it. Rewrite the code to allow to reconstruct exact the
original pattern with backslashes for this case.

2) Prevent to use truncated pattern if MAXPATHLEN exceeded, return
GLOB_NOMATCH instead.

3) Fix few end loop conditions filling Char arrays with mbrtowc(),
MB_CUR_MAX is unneeded in two places and condition is less by one
in other place.

4) Prevent to use truncated filenames match if MAXPATHLEN exceeded,
skip such directory entries.

5) Don't end *pathend with L'/' in glob3() if limit is reached, this
change will be not visible since error is returned.

6) If error happens in (*readdirfunc)(), do the same GLOB_ABORTED
processing as for g_opendir() as POSIX requires.
2016-07-20 07:30:44 +00:00
Andrey A. Chernov
eef722c337 1) Don't protect \/ and \. even if user say so. They are not special chars
in any case and needed for further processing. For ~ expansion too.

2) Don't terminate *pathend with / when GLOB_LIMIT_STAT is reached, it will
be not visible outside in any case since error is returned.

3) Cosmetic: change if expression to better reflect its semantic.
2016-07-19 00:25:27 +00:00
Andrey A. Chernov
e9c0137235 g_Ctoc() conversion buffers are smaller than needed up to MB_CUR_MAX - 1
since whole conversion needs a room for (len >= MB_CUR_MAX). It is no
difference when MB_CUR_MAX == 1, but for multi-byte locales last few chars
('\0' and before) may need just one byte, and the rest of MB_CUR_MAX - 1
space becomes unavailable in the MAXPATHLEN-sized buffer, which cause
conversion error on near MAXPATHLEN long pathes.

Increase g_Ctoc() conversion buffers to MB_LEN_MAX - 1.
2016-07-18 20:24:13 +00:00
Andrey A. Chernov
d67355c507 Change patch from r303004 case 3. According to POSIX gl_errfunc should be
called first, then GLOB_ERR should be considered.
2016-07-18 19:20:49 +00:00
Andrey A. Chernov
196d61a92b 1) Add all characters from ~ expansion as protected to be not interpreted
as pattern meta chars.

2) GLOB_ERR and gl_errfunc are supposed to work only for real directories
per POSIX, so don't act on missing or plain files, for ENOENT or ENOTDIR
(as TODO in the code suggested).

3) Remove the hack in the manpage describing how to skip ENOENT and ENOTDIR
in gl_errfunc, it is unneeded now.

4) Set errno to ENAMETOOLONG if g_Ctoc() expansion fails in g_opendir(),
as in other places in the code which are wrappers around system functions.
2016-07-18 18:24:31 +00:00
Andrey A. Chernov
f4d4982ea6 1) POSIX defines well when GLOB_ABORTED can be returned (only for directory
open/read errors and with GLOB_ERR and gl_errfunc processing), so we can't
blindly return it on any MAXPATHLEN overflow. Even our manpage disagrees
with such GLOB_ABORTED usage. Use GLOB_NOSPACE for that now with errno is
set to 0 as for limits.

2) Return GLOB_NOSPACE when valid ~ expansion can't happens due to
MAXPATHLEN overflow too.

3) POSIX (and our manpage) says, if GLOB_ERR is set, GLOB_ABORTED should
be returned immediatelly, without using gl_errfunc. Implement it now.
2016-07-18 16:06:21 +00:00
Andrey A. Chernov
7e9488dda3 In g_Ctoc() apply CHAR() macro to *str to strip all flags. It gains nothing
right now, but some architectures theoretically may 64-bit wchar_t and the
code looks more correct.
2016-07-17 11:25:24 +00:00
Andrey A. Chernov
aa3d69a636 1) This file full of direct char <-> wchar_t assignment, not converted, cut
them down. This hack still remains:
 * 2. Illegal byte sequences in filenames are handled by treating them as
 *    single-byte characters with a values of such bytes of the sequence
 *    cast to wchar_t.

2) Reword the comment in the hack above to reflect implementation.

3) Protect signed wchar_t from sign extension when a signed char is assigned
to it in the hack above.

3) Corresponding backward hack in g_Ctoc() was not implemented, so all
pathes with illegal byte sequences are skipped as result, implement it now.

4) globtilde() forget to convert expanded user home dir from multibyte to
wchar.

5) Protect globtilde() from long expansion truncation.

6) Results was not sorted according to collate as POSIX requires.
2016-07-17 09:39:59 +00:00
Andrey A. Chernov
12eae8c8f3 1) Eliminate possibility to call __*collate_range_cmp() with inclomplete
locale (which cause core dump) by removing whole 'table' argument
by which it passed.

2) Restore __collate_range_cmp() in __sccl().

3) Collating [a-z] range in regcomp() only for single bytes locales
(we can't do it now for other ones). In previous state only first 256
wchars are considered and all others are just silently dropped from the
range.
2016-07-14 09:07:25 +00:00
Andrey A. Chernov
1daad8f5ad Back out non-collating [a-z] ranges.
Instead of changing whole course to another POSIX-permitted way
for consistency and uniformity I decide to completely ignore missing
regex fucntionality and concentrace on fixing bugs in what we have now,
too many small obstacles instead, counting ports.
2016-07-14 08:18:12 +00:00
Andrey A. Chernov
5a5807dd4c Remove broken support for collation in [a-z] type ranges.
Only first 256 wide chars are considered currently, all other are just
dropped from the range. Proper implementation require reverse tables
database lookup, since objects are really big as max UTF-8 (1114112
code points), so just the same scanning as it was for 256 chars will
slow things down.

POSIX does not require collation for [a-z] type ranges and does not
prohibit it for non-POSIX locales. POSIX require collation for ranges
only for POSIX (or C) locale which is equal to ASCII and binary for
other chars, so we already have it.

No other *BSD implements collation for [a-z] type ranges.

Restore ABI compatibility with unused now __collate_range_cmp() which
is visible from outside (will be removed later).
2016-07-10 03:49:38 +00:00
Pedro F. Giffuni
3c2c0c0443 libc/locale: Fix type breakage in __collate_range_cmp().
When collation support was brought in, the second and third
arguments in __collate_range_cmp() were changed from int to
wchar_t, breaking the ABI. Change them to a "char" type which
makes more sense and keeps the ABI compatible.

Also introduce __wcollate_range_cmp() which does work with wide
characters. This function is used only internally in libc so
we don't export it. Use the new function in glob(3), fnmatch(3),
and regexec(3).

PR:		179721
Suggested by:	ache. jilles
MFC after:	3 weeks (perhaps partial only)
2016-06-05 19:12:52 +00:00
Craig Rodrigues
3e2981e8b8 Use proper function prototype for readdir().
Eliminates -Wstrict-prototypes warning

Submitted by: Joerg Sonnenberger <joerg@dragonflybsd.org>
Obtained from: DragonFlyBSD (commit 2a6aec8dab58c89961cabcfdb92e0d0ae256dea4)
2015-09-22 07:40:55 +00:00
Ed Maste
b4c19408e9 Spelling correction 2013-04-11 20:15:37 +00:00
Marcel Moolenaar
daab0b01ed Protect against DoS attacks, such as being described in CVE-2010-2632.
The changes were derived from what has been committed to NetBSD, with
modifications. These are:
1.  Preserve the existsing GLOB_LIMIT behaviour by including the number
    of matches to the set of parameters to limit.
2.  Change some of the limits to avoid impacting normal use cases:
    GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3)
	can still provide a full command line of expanded names.
    GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than
	that 128 feels too low (it's not a limit that impacts the
	behaviour of the test program listed in CVE-2010-2632).
    GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can
	still provide a fill command line of expanded names.
3.  Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or
    GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in
    those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we
    would otherwise overrun the buffer.

This change also modifies the existing behaviour of glob(3) in case
GLOB_LIMIT is specifies by limiting the *new* matches and not all
matches. This is an important distinction when GLOB_APPEND is set or
when the caller uses a non-zero gl_offs. Previously pre-existing
matches or the value of gl_offs would be counted in the number of
matches even though the man page states that glob(3) would return
GLOB_NOSPACE when gl_matchc or more matches were found.

The limits that cannot be circumvented are GLOB_LIMIT_STRING and
GLOB_LIMIT_PATH all others can be crossed by simply calling glob(3)
again and with GLOB_APPEND set.

The entire description above applies only when GLOB_LIMIT has been
specified of course. No limits apply when this flag isn't set!

Obtained from: Juniper Networks, Inc
2012-12-01 21:26:46 +00:00
Marcel Moolenaar
43cc14e088 In globextend(), take advantage of the fact that realloc(NULL, size) is
equivalent to malloc(size). This eliminates the conditional expression
used for calling either realloc() or malloc() when realloc() will do
all the time.
2012-12-01 17:50:39 +00:00
Marcel Moolenaar
b628fac5ea In globextend() when the pathv vector cannot be (re-)allocated, don't
free and clear the gl_pathv pointer in the glob_t structure. Such
breaks the invariant of the glob_t structure, as stated in the comment
right in front of the globextend() function. If gl_pathv was non-NULL,
then gl_pathc was > 0. Making gl_pathv a NULL pointer without also
setting gl_pathc to 0 is wrong.

Since we otherwise don't free the memory associated with a glob_t in
error cases, it's unlikely that this change will cause a memory leak
that wasn't already there to begin with. Callers of glob(3) must
call globfree(3) irrespective of whether glob(3) returned an error
or not.
2012-12-01 17:44:06 +00:00
Eitan Adler
855291741d - Fix style(9) bugs in glob.c
Approved by:	jilles
2011-12-20 22:56:44 +00:00
Eitan Adler
0d6d372c03 - Add restrict keyword to glob(3)
PR:		kern/161958
Submitted by:	Henning Petersen <henning.petersen@t-online.de>
Approved by:	jilles
MFC after:	3 days
2011-12-20 22:56:13 +00:00
David Chisnall
3c87aa1d3d Implement xlocale APIs from Darwin, mainly for use by libc++. This adds a
load of _l suffixed versions of various standard library functions that use
the global locale, making them take an explicit locale parameter.  Also
adds support for per-thread locales.  This work was funded by the FreeBSD
Foundation.

Please test any code you have that uses the C standard locale functions!

Reviewed by:    das (gdtoa changes)
Approved by:    dim (mentor)
2011-11-20 14:45:42 +00:00
Gordon Tetlow
5b3fab81ab Fix a bug due to a type conversion from 64 to 32 bits. The side effect of
this type conversion is the high bits which were used to indicate if a
special character was a literal or special were dropped. As a result, all
special character were treated as special, even if they were supposed to
be literals.

Reviewed by:	gad@
Approved by:	mentor (wes@)
2010-05-12 17:44:00 +00:00
Mike Makonnen
34a087543a Gcc barfs in glob.c when run with -O3. To fix this make g_strchr() work on
and return (const Char *) pointers instead of just (Char *) and get rid of
all the type casting.

PR:		kern/124334
2008-06-26 07:12:35 +00:00
Warner Losh
c879ae3536 Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.
2007-01-09 00:28:16 +00:00
Xin LI
1cec70ad72 - ANSIfy.
- Remove two unnecessary casts.

These changes would help gcc4 compile.
2006-06-05 18:22:13 +00:00
Andrey A. Chernov
4b767fa67f Reflect size_t changes in glob.h
Obtained from: NetBSD (mostly)
2006-05-22 06:33:19 +00:00
Andrey A. Chernov
369316a848 Don't reuse *pl to skip [], it is already used for {} parts in the loop above
(submitted patch slightly modified)

PR:             86038
Submitted by:   Gerd Rausch <gerd@juniper.net>
2005-09-14 19:14:32 +00:00
Tim J. Robbins
e9346e012d Add support for multibyte characters. 2004-07-29 03:48:52 +00:00
Tim J. Robbins
4539e95a0f Remove incomplete support for running FreeBSD userland on old NetBSD kernels
lacking the issetugid() and utrace() syscalls.
2003-10-29 10:45:01 +00:00
Mike Heffner
4a59c3ab55 Update glob(3) to add all the POSIX required options, specifically:
- add GLOB_NOMATCH return value and use it when we don't get a match
- rename GLOB_ABEND to GLOB_ABORTED and use it instead of returning 1
  in some places
- add GLOB_NOESCAPE flag and retire GLOB_QUOTE to compatibility
  section

Suggestions/advice on correct usage of POSIX defines: wollman
2002-07-17 04:58:09 +00:00
David E. O'Brien
b231cb3945 * Remove __P and convert to ANSI prototypes.
* Remove 'register'.  (some functions had 7+ register functions...)
* Fix SCM ID's.
2002-02-01 01:32:19 +00:00
Mike Heffner
75dc5f1a82 Rename the GLOB_MAXPATH flag of glob(3) to GLOB_LIMIT to be compatible
with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with
errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc'
patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to
maintain backwards compatibility.

Reviewed by:	sheldonh, assar
Obtained from:	NetBSD/OpenBSD
2001-07-29 00:52:37 +00:00
Peter Wemm
487dbd927f Mostly pick up OpenBSD's rev 1.14 by deraadt@ and millert@.
I've left out a couple of unused args between internal functions.
Use MAXPATHLEN, not MAXPATHLEN + 1 in a couple of places.
Pass a pointer to the end of the target filename space.
2001-03-28 23:55:51 +00:00
Peter Wemm
27d52f6943 OpenBSD's g_Ctoc() returned a false error when the target buffer was
exactly the right size.  Do it differently - pass a length rather than an
end-of-string+1 pointer as this is more convenient anyway.  Get rid of
the bogus +1's.
2001-03-28 10:56:11 +00:00
Peter Wemm
76e2bc010d Fix g_Ctoc() interface, approximately based on OpenBSD's recent changes.
Also, set gl_pathv to NULL after we free it, especially when dealing
with realloc failures.

Obtained from: OpenBSD
2001-03-28 09:53:16 +00:00