Commit Graph

896 Commits

Author SHA1 Message Date
Joel Dahl
afc5a69a1d Minor mdoc fix. 2012-09-11 17:57:03 +00:00
Jilles Tjoelker
36f7fbeae8 sh: Remove XXX comment about removing nextopt().
Using nextopt() avoids depending on the BSD-specific optreset feature in
getopt() and reduces code size (both source and binary).
2012-09-08 19:24:03 +00:00
Jilles Tjoelker
1794251add sh: Fix EINTR race condition in "wait" and "set -T" using sigsuspend().
When waiting for child processes using "wait" or if "set -T" is in effect, a
signal interrupts the wait. Make sure there is no window where the signal
handler may be invoked (setting a flag) just before going to sleep.

There is a similar race condition in the shell language, but scripts can
avoid it by exiting from the trap handler or enforcing synchronization using
a fifo.

If SIGCHLD is not trapped, a signal handler must be installed for it. Only
install this handler for the duration of the wait to avoid triggering
unexpected [EINTR] errors elsewhere.

Note that for some reason only SIGINT and SIGQUIT interrupt a "wait"
command. This remains the case.
2012-07-29 18:04:38 +00:00
Jilles Tjoelker
fb05913c5d sh: Do not ask for stopped/continued processes if we do not need them
rather than retrying wait3 if they happen.
2012-07-28 15:13:48 +00:00
Jilles Tjoelker
61fb716ac9 sh: Inline waitproc() into its only caller. 2012-07-28 14:56:50 +00:00
Jilles Tjoelker
faa787d323 sh: Track continued jobs (even if not continued by bg or fg).
This uses wait3's WCONTINUED flag.

There is no message for this. The change is visible in "jobs" or if the job
stops again.
2012-07-28 14:32:55 +00:00
Jilles Tjoelker
fa7ccda2c4 sh: Reset pendingsigs before checking pending traps, not after.
Otherwise, a signal arriving at exactly the right moment might not be
processed until another signal arrived.
2012-07-15 11:18:52 +00:00
Jilles Tjoelker
184dcee217 sh: Remove unused variable in_dowait. 2012-07-15 10:49:16 +00:00
Jilles Tjoelker
84fbdd8ca0 sh: Expand assignment-like words specially for export/readonly/local.
Examples:
  export x=~
now expands the tilde
  local y=$1
is now safe, even if $1 contains IFS characters or metacharacters.

For a word to "look like an assignment", it must start with a name followed
by an equals sign, none of which may be quoted.

The special treatment applies when the first word (potentially after
"command") is "export", "readonly" or "local". There may be quoting
characters but no expansions. If "local" is overridden with a function there
is no special treatment ("export" and "readonly" cannot be overridden with a
function).

If things like
  local arr=(1 2 3)
are ever allowed in the future, they cannot call a "local" function. This
would either be a run-time error or it would call the builtin.

This matches Austin Group bug #351, planned for the next issue of POSIX.1.

PR:		bin/166771
2012-07-15 10:19:43 +00:00
Pedro F. Giffuni
00c43e0ca4 Merge libedit adjustment from NetBSD.
On recent versions of NetBSD's libedit, el_gets
now sets el_len to -1 on error so we can
distinguish between a NULL string and an error.

This fixes sh from exiting with newer versions
of libedit now allowing EINTR to return.

Obtained from:	NetBSD
Reviewed by:	jilles
MFC after:	3 weeks
2012-07-11 22:17:58 +00:00
Marcel Moolenaar
937b0a997b Work better with how make/bmake works:
1.  Avoid a cd back into ${.CURDIR} to run mkbuiltins when we know make
    will first cd into ${.OBJDIR}. Keep the cwd to what make sets it to.
2.  Don't tell mkbuiltins where to write to (= ${.OBJDIR}), but where to
    get sources from (= ${.CURDIR}). This to compensate for point 1.

This fixes a problem with bmake's mk files that optimize ${.OBJDIR} to
expand to "." after changing cwd, not taking into account that the
target is pretty much undoing that and not getting the full path to the
object tree anymore.
2012-05-24 19:48:15 +00:00
Jilles Tjoelker
ad859ed8cf sh: Remove an unused header.
The read builtin no longer does things with termios.
2012-05-15 22:50:47 +00:00
Joel Dahl
35471bf8ef Minor mdoc nits. 2012-05-13 14:16:04 +00:00
Joel Dahl
748611c9c0 mdoc: fix column names, indentation, column separation within each row, and
quotation. Also make sure we have the same amount of columns in each row as
the number of columns we specify in the head arguments.

Reviewed by:	brueffer
2012-04-07 09:05:30 +00:00
Jilles Tjoelker
b95fca474d sh: Fix build with -DDEBUG=2.
Reported by:	Kristof Provost
MFC after:	1 week
2012-04-02 17:16:24 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Joel Dahl
904d0726c8 Remove superfluous paragraph macro. 2012-03-25 09:20:14 +00:00
Jilles Tjoelker
c0b3cf0676 sh: Make 'hash' return 1 if at least one utility is not found.
Reported by:	lme
2012-02-11 21:06:45 +00:00
Jilles Tjoelker
33233ec76e sh: Fix swapped INTON/INTOFF.
A possible consequence of this bug was a memory leak if SIGINT arrived
during a 'set' command (listing variables).

MFC after:	1 week
2012-02-04 23:29:07 +00:00
Jilles Tjoelker
caf29fab8c sh: Use vfork in a few common cases.
This uses vfork() for simple commands and command substitutions containing a
single simple command, invoking an external program under certain conditions
(no redirections or variable assignments, non-interactive shell, no job
control). These restrictions limit the amount of code executed in a vforked
child.

There is a large speedup (for example 35%) in microbenchmarks. The
difference in buildkernel is smaller (for example 0.5%) but still
statistically significant. See
http://lists.freebsd.org/pipermail/freebsd-hackers/2012-January/037581.html
for some numbers.

The use of vfork() can be disabled by setting a variable named
SH_DISABLE_VFORK.
2012-02-04 23:12:14 +00:00
Philippe Charnier
2fae4c3d95 Add prototypes, ANSIfy functions definitions to reduce WARNS=6 output. 2012-01-25 08:42:19 +00:00
Jilles Tjoelker
6eff4a75d5 sh: Fix $? in the first command of a 'for'.
In the first command of a 'for', $? should be the exit status of the last
pipeline (command substitution in the word list or command before 'for'),
not always 0.
2012-01-22 14:00:33 +00:00
Jilles Tjoelker
0105d7224d sh: Remove "kill" example function, which is superseded by the kill builtin
MFC after:	1 week
2012-01-21 20:39:17 +00:00
Jean-Sébastien Pédron
01a43bcf7b sh: Fix execution of multiple statements in a trap when evalskip is set
Before this fix, only the first statement of the trap was executed if
evalskip was set. This is for example the case when:
    o  "-e" is set for this shell
    o  a trap is set on EXIT
    o  a function returns 1 and causes the script to abort

Reviewed by:	jilles
MFC after:	2 weeks
2012-01-16 11:07:46 +00:00
Jilles Tjoelker
93fcb2511b sh: Fix some bugs with exit status from case containing ;&.
Also, rework evalcase() to not evaluate any tree. Instead, return the
NCLISTFALLTHRU node and handle it in evaltree().

Fixed bugs:

* If a ;& list with non-zero exit status is followed by an empty ;; or final
  list, the exit status of the case command should be equal to the exit
  status of the ;& list, not 0.

* An empty ;& case should not reset $?.
2012-01-15 21:39:38 +00:00
Jilles Tjoelker
92371efca2 sh: Fix two bugs with case and exit status:
* If no pattern is matched, POSIX says the exit status shall be 0 (even if
  there are command substitutions).
* If a pattern is matched and there are no command substitutions, the first
  command should see the $? from before the case command, not always 0.
2012-01-15 20:04:05 +00:00
Jilles Tjoelker
7f40c1f876 sh: Change input buffer size from 1023 to 1024.
PR:		bin/161756
2012-01-14 22:46:18 +00:00
Jilles Tjoelker
52c450395a sh: Fix out of bounds array access when trap is used with an invalid signal.
MFC after:	1 week
2012-01-14 21:54:12 +00:00
Jilles Tjoelker
e94e3511bd sh: Properly show "Not a directory" error in cd builtin.
The errno message display added in r222292 did not take attempting to
cd to a non-directory or something that cannot be stat()ed into account.

PR:		bin/164070
MFC after:	10 days
2012-01-13 23:32:27 +00:00
Jilles Tjoelker
260fc3f4d2 sh: Make various functions static. 2012-01-01 22:17:12 +00:00
Jilles Tjoelker
f6d3a9b03f sh: Remove unused function scopyn(). 2012-01-01 22:15:38 +00:00
Jilles Tjoelker
820491f824 sh: Make patmatch() non-recursive. 2012-01-01 20:50:19 +00:00
Jilles Tjoelker
3a1b9c9e82 sh: Allow quoting ^ and ] in bracket expressions. 2011-12-28 23:51:17 +00:00
Jilles Tjoelker
6e8db49a44 sh: Use dirent.d_type in pathname generation.
This improves performance for globs where a slash or another component
follows a component with metacharacters by eliminating unnecessary attempts
to open directories that are not.
2011-12-28 23:40:46 +00:00
Jilles Tjoelker
7a2b9d4b38 sh: Cache de->d_namlen in a local variable. 2011-12-28 23:30:17 +00:00
Jilles Tjoelker
a82f5687bf sh: Do not force special builtins non-special in optimized command subst.
This is not necessary: errors are already caught in evalbackcmd() and
forcelocal handles changes to variables.

Note that this depends on r223024.

MFC after:	4 weeks
2011-12-28 22:10:12 +00:00
Jilles Tjoelker
03f33e912d sh: Remove impossible evalskip check in 'for'. 2011-11-27 00:09:59 +00:00
Jilles Tjoelker
a157dc4d90 sh: Reduce one level of evaltree() recursion when executing 'case'.
Free expanded case text before executing commands.
Remove impossible evalskip checks (expanding an argument cannot set
evalskip anymore since $(break) and the like are properly executed in a
subshell environment).
2011-11-26 23:28:31 +00:00
Jilles Tjoelker
bf3db314f7 sh: Allow unsetting OPTIND.
Note that only assigning the decimal value 1 resets getopts, as before.
2011-11-20 21:48:50 +00:00
Jilles Tjoelker
876f9b7800 sh: Remove undefined behaviour due to overflow in +/-/* in arithmetic.
With i386 base gcc and i386 base clang, arith_yacc.o remains unchanged.
2011-11-08 23:54:39 +00:00
Jilles Tjoelker
ad56ebdc15 sh(1): Improve documentation of field splitting. 2011-11-05 21:56:45 +00:00
Jilles Tjoelker
51a514adf2 sh(1): Extend documentation about subshells.
Because sh executes commands in subshell environments without forking in
more and more cases (particularly from 8.0 on), it makes sense to describe
subshell environments more precisely using ideas from POSIX, together with
some FreeBSD-specific items.

In particular, the hash and times builtins may not behave as if their state
is copied for a subshell environment while leaving the parent shell
environment unchanged.
2011-07-10 15:02:25 +00:00
Jilles Tjoelker
4004e05e8a sh: Include <limits.h> instead of non-standard <sys/limits.h>. 2011-06-26 20:12:05 +00:00
Jilles Tjoelker
519c4ef391 sh(1): Improve documentation of shell patterns:
* Shell patterns are also for ${var#pat} and the like.
* An '!' by itself will not trigger pathname generation so do not call it a
  meta-character, even though it has a special meaning directly after an
  '['.
* Character ranges are locale-dependent.
* A '^' will complement a character class like '!' but is non-standard.

MFC after:	1 week
2011-06-24 22:08:26 +00:00
Jilles Tjoelker
b97989d659 sh(1): Document the case command better.
Suggested by:	netchild
Reviewed by:	gjb
2011-06-24 20:23:50 +00:00
Kevin Lo
ecd9e552d0 Remove duplicated header files 2011-06-24 07:29:04 +00:00
Jilles Tjoelker
47e5204ee3 sh: Remove special support for background simple commands.
It expands the arguments in the parent shell process, which is incorrect.
2011-06-18 23:58:59 +00:00
Jilles Tjoelker
54b16435b7 sh: Add do-nothing -h option.
POSIX requires a -h option to sh and set, to locate and remember utilities
invoked by functions as they are defined. Given that this
locate-and-remember process is optional elsewhere, it seems safe enough to
make this option do nothing.

POSIX does not specify a long name for this option. Follow ksh in calling it
"trackall".
2011-06-18 23:43:28 +00:00
Jilles Tjoelker
c9afaa6389 sh: Add case statement fallthrough (with ';&' instead of ';;').
Replacing ;; with the new control operator ;& will cause the next list to be
executed as well without checking its pattern, continuing until a list ends
with ;; or until the end of the case statement. This is like omitting
"break" in a C "switch" statement.

The sequence ;& was formerly invalid.

This feature is proposed for the next POSIX issue in Austin Group issue
#449.
2011-06-17 13:03:49 +00:00
Jilles Tjoelker
f5f215e251 sh: Skip variables with invalid names in "set", "export -p", "readonly -p".
This ensures the output of these commands is valid shell input.
2011-06-17 10:21:24 +00:00
Jilles Tjoelker
c5aef5377c sh: Reduce unnecessary forks with eval.
The eval special builtin now runs the code with EV_EXIT if it was run
with EV_EXIT itself.

In particular, this eliminates one fork when a command substitution contains
an eval command that ends with an external program or a subshell.

This is similar to what r220978 did for functions.
2011-06-16 21:50:28 +00:00
Jilles Tjoelker
ff4dc67299 sh: Add support for named character classes in bracket expressions.
Example:
  case x in [[:alpha:]]) echo yes ;; esac
2011-06-15 21:48:10 +00:00
Jilles Tjoelker
454a02b372 sh: Fix duplicate prototypes for builtins.
Have mkbuiltins write the prototypes for the *cmd functions to builtins.h
instead of builtins.c and include builtins.h in more .c files instead of
duplicating prototypes for *cmd functions in other headers.
2011-06-13 21:03:27 +00:00
Jilles Tjoelker
c543e1ae9e sh: Save/restore changed variables in optimized command substitution.
In optimized command substitution, save and restore any variables changed by
expansions (${var=value} and $((var=assigned))), instead of trying to
determine if an expansion may cause such changes.

If $! is referenced in optimized command substitution, do not cause jobs to
be remembered longer.

This fixes $(jobs $!) again, simplifies the man page and shortens the code.
2011-06-12 23:06:04 +00:00
Jilles Tjoelker
f5ac5937d3 sh: Fix locale-dependent ranges in bracket expressions.
When I added UTF-8 support in r221646, the LC_COLLATE-based ordering broke
because of sign extension of char.

Because of libc restrictions, this does not work for UTF-8. For UTF-8
locales, ranges always use character code order.
2011-06-12 12:54:52 +00:00
Jilles Tjoelker
c5f4fe06fe sh: Read .profile from the home directory (or / if HOME is not set).
In most cases, login shells are started from the home directory, but not in
all, such as xterm -ls.

This commit depends on r222957 for read_profile() performing parameter
expansion.

PR:		bin/50569
2011-06-12 10:13:48 +00:00
Jilles Tjoelker
1a62d8843d sh: Do parameter expansion on ENV before using it.
This is required by POSIX, and allows things like ENV=\$HOME/.shrc.

Note that tilde expansion is explicitly not performed.
2011-06-10 22:42:00 +00:00
Jilles Tjoelker
292e667663 sh: Do parameter expansion before printing PS4 (set -x).
The function name expandstr() and the general idea of doing this kind of
expansion by treating the text as a here document without end marker is from
dash.

All variants of parameter expansion and arithmetic expansion also work (the
latter is not required by POSIX but it does not take extra code and many
other shells also allow it).

Command substitution is prevented because I think it causes too much code to
be re-entered (for example creating an unbounded recursion of trace lines).

Unfortunately, our LINENO is somewhat crude, otherwise PS4='$LINENO+ ' would
be quite useful.
2011-06-09 23:12:23 +00:00
Jilles Tjoelker
b3f892d9e0 sh: Fix $? in heredocs on simple commands.
PR:		bin/41410
2011-06-05 14:13:15 +00:00
Jilles Tjoelker
af449f7fef sh: Improve error message if the script cannot be opened.
Avoid "<nosuchfile>: cannot open <nosuchfile>: ...".
2011-06-04 22:19:00 +00:00
Jilles Tjoelker
47a5ab295a sh: Reduce more needless differences between error messages. 2011-06-04 15:05:52 +00:00
Jilles Tjoelker
9338c85c31 sh: Honour -n while processing -c string. 2011-06-04 11:28:42 +00:00
Jilles Tjoelker
8d5a14301f sh: Remove the "exp" builtin.
The "exp" builtin is undocumented, non-standard and not very useful.

If exp's return value is not used, something like
VAR=$(exp EXPRESSION)
is equivalent to
VAR=$((EXPRESSION))
except that errors in the expression are fatal and quoting special
characters is not needed in the latter case.

If exp's return value is used, something like
if exp EXPRESSION >/dev/null
can be replaced by
if [ $((EXPRESSION)) -ne 0 ]
with similar differences.

The exp-run showed that "let" is close enough to bash's and ksh's builtin
that removing it would break a few ports. Therefore, "let" remains in 9.x.

PR:		bin/104432
Exp-run done by: pav (with some other sh(1) changes)
2011-05-27 20:53:07 +00:00
Jilles Tjoelker
64fa41f3e1 sh: Correct criterion for using CDPATH in cd.
CDPATH should be ignored not only for pathnames starting with '/' but also
for pathnames whose first component is '.' or '..'.

The man page already describes this behaviour.
2011-05-27 20:01:46 +00:00
Jilles Tjoelker
241f15dfaf sh: Various updates to the TOUR document. 2011-05-27 16:00:37 +00:00
Jilles Tjoelker
715a0dd556 sh: Fix unquoted $@/$* if IFS=''.
If IFS is null, unquoted $@/$* should still expand to separate words.
This differs from quoted $@ (which does not depend on IFS) in that pathname
generation is performed and empty words are removed.
2011-05-27 15:56:13 +00:00
Jilles Tjoelker
168b9dd182 sh: Show errno messages in cd. 2011-05-25 21:38:16 +00:00
Jilles Tjoelker
f3ac36e151 sh: Remove obsolete token type TENDBQUOTE.
This token type was related to Almquist's original version of backquotes
that could not nest and fell into disuse fairly soon.
2011-05-22 15:24:56 +00:00
Ulrich Spörlein
bf2fe08eea Fix some typos under bin/
Found by:	codespell
2011-05-22 14:03:46 +00:00
Jilles Tjoelker
c9e93e6739 sh: Fix bss-based buffer overflow in . builtin.
If the length of a directory in PATH together with the given filename
exceeded FILENAME_MAX (which may happen even for pathnames that work), a
static buffer was overflown.

The static buffer is unnecessary, we can use the stalloc() stack.

Obtained from:	NetBSD
MFC after:	1 week
2011-05-22 12:12:28 +00:00
Jilles Tjoelker
05a447d0b9 sh: Expand aliases after assignments and redirections. 2011-05-21 22:03:06 +00:00
Jilles Tjoelker
d6ee26ad02 sh: Implement the cd -e flag proposed for the next POSIX issue.
This reflects failure to determine the pathname of the new directory in the
exit status (1). Normally, cd returns successfully if it did chdir() and the
call was successful.

In POSIX, -e only has meaning with -P; because our -L is not entirely
compliant and may fall back to -P mode, -e has some effect with -L as well.
2011-05-20 22:55:18 +00:00
Jilles Tjoelker
85307c9ed9 sh: Allow terminating a heredoc with a terminator at EOF without a newline.
This is sometimes used with eval or old-style command substitution, and most
shells other than ash derivatives allow it.

It can also be used with scripts that violate POSIX's requirement on the
application that they end in a newline (scripts must be text files except
that line length is unlimited).

Example:
v=`cat <<EOF
foo
EOF`
echo $v

This commit does not add support for the similar construct with new-style
command substitution, like
v=$(cat <<EOF
foo
EOF)
This continues to require a newline after the terminator.
2011-05-20 16:03:36 +00:00
Jilles Tjoelker
258ef734e7 sh: Minor optimization to output from ulimit/export/readonly.
No functional change is intended.
2011-05-15 22:09:27 +00:00
Jilles Tjoelker
e64a11e9eb sh: Avoid close(-1) when evaluating a multi-command pipeline.
Valgrind complains about this.
2011-05-15 17:00:43 +00:00
Jilles Tjoelker
07eb7033a6 sh: Add \u/\U support (in $'...') for UTF-8.
Because we have no iconv in base, support for other charsets is not
possible.

Note that \u/\U are processed using the locale that was active when the
shell started. This is necessary to avoid behaviour that depends on the
parse/execute split (for example when placing braces around an entire
script). Therefore, UTF-8 encoding is implemented manually.
2011-05-08 17:40:10 +00:00
Jilles Tjoelker
3a99ed469a sh: Optimize variable code by storing the length of the name.
Obtained from:	NetBSD
2011-05-08 16:15:50 +00:00
Jilles Tjoelker
50df342447 sh(1): Update BUGS section for UTF-8 support. 2011-05-08 14:03:44 +00:00
Jilles Tjoelker
7cc6b3df80 sh: Add UTF-8 support to pattern matching.
?, [...] patterns match codepoints instead of bytes. They do not match
invalid sequences. [...] patterns must not contain invalid sequences
otherwise they will not match anything. This is so that ${var#?} removes the
first codepoint, not the first byte, without putting UTF-8 knowledge into
the ${var#pattern} code. However, * continues to match any string and an
invalid sequence matches an identical invalid sequence. (This differs from
fnmatch(3).)
2011-05-08 11:32:20 +00:00
Jilles Tjoelker
4c244ed255 sh: Add UTF-8 support to ${#var}.
If the current locale uses UTF-8, ${#var} counts codepoints (more precisely,
bytes b with (b & 0xc0) != 0x80).
2011-05-07 14:32:16 +00:00
Jilles Tjoelker
6ed74a0a1c sh: Track if the current locale's charset is UTF-8 or not. 2011-05-06 22:31:27 +00:00
Jilles Tjoelker
c76aed958b sh: Change the CTL* bytes to ones invalid in UTF-8.
This ensures that mbrtowc(3) can be used directly once it has been verified
that there is no CTL* byte. Dealing with a CTLESC byte within a multibyte
character would be complicated.

The new values do occur in iso-8859-* encodings. This decreases efficiency
slightly but should not affect correctness.

Caveat: Updating across this change and rebuilding without cleaning may
yield a subtly broken sh binary. By default, make buildworld will clean and
avoid problems.
2011-05-06 20:45:50 +00:00
Jilles Tjoelker
a62ab0274a sh: Add $'quoting' (C-style escape sequences).
A string between $' and ' may contain backslash escape sequences similar to
the ones in a C string constant (except that a single-quote must be escaped
and a double-quote need not be). Details are in the sh(1) man page.

This construct is useful to include unprintable characters, tabs and
newlines in strings; while this can be done with a command substitution
containing a printf command, that needs ugly workarounds if the result is to
end with a newline as command substitution removes all trailing newlines.

The construct may also be useful in future to describe unprintable
characters without needing to write those characters themselves in 'set -x',
'export -p' and the like.

The implementation attempts to comply to the proposal for the next issue of
the POSIX specification. Because this construct is not in POSIX.1-2008,
using it in scripts intended to be portable is unwise.

Matching the minimal locale support in the rest of sh, the \u and \U
sequences are currently not useful.

Exp-run done by: pav (with some other sh(1) changes)
2011-05-05 20:55:55 +00:00
Jilles Tjoelker
3937fc9c26 sh: Apply set -u to variables in arithmetic.
Note that this only applies to variables that are actually used.
Things like (0 && unsetvar) do not cause an error.

Exp-run done by: pav (with some other sh(1) changes)
2011-05-04 22:12:22 +00:00
Jilles Tjoelker
fc0818fef3 sh: Detect an error for ${#var<GARBAGE>}.
In particular, this makes things like ${#foo[0]} and ${#foo[@]} errors
rather than silent equivalents of ${#foo}.

PR:		bin/151720
Submitted by:	Mark Johnston
Exp-run done by: pav (with some other sh(1) changes)
2011-05-04 21:49:34 +00:00
Jilles Tjoelker
03b3a844d0 sh: Set $? to 0 for background commands.
For backgrounded pipelines and subshells, the previous value of $? was being
preserved, which is incorrect.

For backgrounded simple commands containing a command substitution, the
status of the last command substitution was returned instead of 0.

If fork() fails, this is an error.
2011-04-25 20:54:12 +00:00
Jilles Tjoelker
92a1de471c sh: Check setuid()/setgid() return values.
If the -p option is turned off, privileges from a setuid or setgid binary
are dropped. Make sure to check if this succeeds. If it fails, this is an
error which will cause the shell to abort except in interactive mode or if
'command' was used to make 'set' or an outer 'eval' or '.' non-special.

Note that taking advantage of this feature and writing setuid shell scripts
seems unwise.

MFC after:	1 week
2011-04-25 10:14:29 +00:00
Jilles Tjoelker
b7b23db5e2 sh: Remove duplicate code resetting uid/gid for set +p/+o privileged.
MFC after:	1 week
2011-04-25 10:08:34 +00:00
Jilles Tjoelker
45496405c6 sh: Allow EV_EXIT through function calls, make {...} <redir more consistent.
If EV_EXIT causes an exit, use the exception mechanism to unwind
redirections and local variables. This way, if the final command is a
redirected command, an EXIT trap now executes without the redirections.

Because of these changes, EV_EXIT can now be inherited by the body of a
function, so do so. This means that a function no longer prevents a fork
before an exec being skipped, such as in
  f() { head -1 /etc/passwd; }; echo $(f)

Wrapping a single builtin in a function may still cause an otherwise
unnecessary fork with command substitution, however.

An exit command or -e failure still invokes the EXIT trap with the
original redirections and local variables in place.

Note: this depends on SHELLPROC being gone. A SHELLPROC depended on
keeping the redirections and local variables and only cleaning up the
state to restore them.
2011-04-23 22:28:56 +00:00
Jilles Tjoelker
caa7ccdc54 sh: Do not word split "${#parameter}".
This is only a problem if IFS contains digits, which is unusual but valid.

Because of an incorrect fix for PR bin/12137, "${#parameter}" was treated
as ${#parameter}. The underlying problem was that "${#parameter}"
erroneously added CTLESC bytes before determining the length. This
was properly fixed for PR bin/56147 but the incorrect fix was not backed
out.

Reported by:	Seeker on forums.freebsd.org
MFC after:	2 weeks
2011-04-20 22:24:54 +00:00
Jilles Tjoelker
ef89d04f13 sh(1): Describe subshell environment, command substitution more correctly.
POSIX does not require the shell to fork for a subshell environment, and we
use that possibility in various ways (command substitutions with a single
command and most subshells that are the final command of a shell process).
Therefore do not tie subshells to forking in the man page.

Command substitutions with expansions are a bit strange, causing a fork for
$(...$(($x))...) because $x might expand to y=2; they will probably be
changed later but this is how they work now.
2011-03-20 23:52:45 +00:00
Jilles Tjoelker
35c641ed21 sh: Fix some parameter expansion variants ${#...}.
These already worked: $# ${#} ${##} ${#-} ${#?}
These now work as well: ${#+word} ${#-word} ${##word} ${#%word}

There is an ambiguity in the standard with ${#?}: it could be the length of
$? or it could be $# giving an error in the (impossible) case that it is not
set. We continue to use the former interpretation as it seems more useful.
2011-03-13 20:02:39 +00:00
Stefan Farfeleder
5db2bbd692 Remove unnecessary cast.
Reviewed by:	jilles
2011-03-07 07:31:15 +00:00
Jilles Tjoelker
ea381e691a sh(1): Reduce excessive semicolon-separated sentences.
Reported by:	Benjamin Kaduk
2011-03-06 21:20:53 +00:00
Jilles Tjoelker
976018d24f sh: Fix some warnings in code for arithmetic expressions.
Submitted by:	eadler
2011-03-05 13:27:13 +00:00
Rebecca Cran
6bccea7c2b Fix typos - remove duplicate "the".
PR:	bin/154928
Submitted by:	Eitan Adler <lists at eitanadler.com>
MFC after: 	3 days
2011-02-21 09:01:34 +00:00
Jilles Tjoelker
e9749129ad sh: Detect dividing the smallest integer by -1.
This overflows and on some architectures such as amd64 it generates SIGFPE.
Generate an error on all architectures.
2011-02-12 23:44:05 +00:00
Jilles Tjoelker
075b72ef01 sh(1): Update description of arithmetic. 2011-02-08 23:19:40 +00:00
Jilles Tjoelker
6262b84eee sh: Import arithmetic expression code from dash.
New features:
* proper lazy evaluation of || and &&
* ?: ternary operator
* executable is considerably smaller (8K on i386) because lex and yacc are
  no longer used

Differences from dash:
* arith_t instead of intmax_t
* imaxdiv() not used
* unset or null variables default to 0
* let/exp builtin (undocumented, will probably be removed later)

Obtained from:	dash
2011-02-08 23:18:06 +00:00
Jilles Tjoelker
b15e9aa322 sh: Fix two things about {(...)} <redir:
* In {(...) <redir1;} <redir2, do not drop redir1.
* Maintain the difference between (...) <redir and {(...)} <redir:
  In (...) <redir, the redirection is performed in the child, while in
  {(...)} <redir it should be performed in the parent (like {(...); :;}
  <redir)
2011-02-05 15:02:19 +00:00
Jilles Tjoelker
c059d82290 sh: Remove clearcmdentry()'s now unused argument. 2011-02-05 14:08:51 +00:00
Jilles Tjoelker
ef0cb80dd4 sh: Forget all cached command locations on any PATH change.
POSIX requires this and it is simpler than the previous code that remembered
command locations when appending directories to PATH.

In particular,
  PATH=$PATH
is no longer a no-op but discards all cached command locations.
2011-02-05 14:01:46 +00:00
Jilles Tjoelker
604e8224f8 sh: Do not try to execute binary files as scripts.
If execve() returns an [ENOEXEC] error, check if the file is binary before
trying to execute it using sh. A file is considered binary if at least one
of the first 256 bytes is '\0'.

In particular, trying to execute ELF binaries for the wrong architecture now
fails with an "Exec format error" message instead of syntax errors and
potentially strange results.
2011-02-05 12:54:59 +00:00
Jilles Tjoelker
3835f47c7e sh: Remove special code for shell scripts without magic number.
These are called "shell procedures" in the source.

If execve() failed with [ENOEXEC], the shell would reinitialize itself
and execute the program as a script. This requires a fair amount of code
which is not frequently used (most scripts have a #! magic number).
Therefore just execute a new instance of sh (_PATH_BSHELL) to run the
script.
2011-02-04 22:47:55 +00:00
Jilles Tjoelker
12dacf622b Make sys_signame upper case.
This matches the constants from <signal.h> with 'SIG' removed, which POSIX
requires kill and trap to accept and 'kill -l' to write.

'kill -l', 'trap', 'trap -l' output is now upper case.

In Turkish locales, signal names with an upper case 'I' are now accepted,
while signal names with a lower case 'i' are no longer accepted, and the
output of 'killall -l' now contains proper capital 'I' without dot instead
of a dotted capital 'I'.
2011-02-04 16:40:50 +00:00
Jilles Tjoelker
834d160b3a sh: Return only 126 or 127 for execve() failures.
Do not return 2 for errors other than [EACCES] or [ENOENT].
2011-02-03 23:38:11 +00:00
Jilles Tjoelker
3e0b768c63 sh: Remove comment mentioning herefd, which is gone. 2011-02-02 21:48:53 +00:00
Jilles Tjoelker
b9f696953d sh: Send messages about signals to stderr.
This is required by POSIX and seems to make more sense.

See also r217557.
2011-01-30 22:57:52 +00:00
Jilles Tjoelker
cff1d84937 sh: Clean up some old comments:
* There is no plan for an alternative to the command "set".
* Attempting to unset a readonly variable has not raised an error for quite
  a while, so the order of unsetting a variable and a function with the same
  name does not matter.

MFC after:	1 week
2011-01-25 20:56:18 +00:00
Jilles Tjoelker
0d5ccb45d8 sh: Fix signal messages being sent to the wrong file sometimes.
When a foreground job exits on a signal, a message is printed to stdout
about this. The buffer was not flushed after this which could result in the
message being written to the wrong file if the next command was a builtin
and had stdout redirected.

Example:
  sh -c 'kill -9 $$'; : > foo; echo FOO:; cat foo

Reported by:	gcooper
MFC after:	1 week
2011-01-18 21:18:31 +00:00
Jilles Tjoelker
421fb02139 sh(1): Document changes to 'exit' from traps. 2011-01-16 14:11:50 +00:00
Jilles Tjoelker
ebdfd6dc4d sh: If exit is used without args from a trap action, exit on the signal.
This is useful so that it is easier to exit on a signal than to reset the
trap to default and resend the signal. It matches ksh93. POSIX says that
'exit' without args from a trap action uses the exit status from the last
command before the trap, which is different from 'exit $?' and matches this
if the previous command is assumed to have exited on the signal.

If the signal is SIGSTOP, SIGTSTP, SIGTTIN or SIGTTOU, or if the default
action for the signal is to ignore it, a normal _exit(2) is done with exit
status 128+signal_number.
2011-01-16 13:56:41 +00:00
Jilles Tjoelker
a043cc4c68 sh: Fix some things about -- in trap:
* Make 'trap --' do the same as 'trap' instead of nothing.
* Make '--' stop option processing (note that '-' action is not an option).

Side effect: The error message for an unknown option is different.
2011-01-15 21:09:00 +00:00
Jilles Tjoelker
45b3c17647 sh: Make 'trap -l' look like 'kill -l'. 2011-01-14 21:30:27 +00:00
Jilles Tjoelker
33a8413363 sh: Follow-up to r216743, grabstackblock() can be replaced with stalloc().
grabstackblock() was used only once (but it is a very often executed piece
of code).
2011-01-09 22:47:58 +00:00
Jilles Tjoelker
4b45b49a70 sh: Remove special %builtin PATH entry.
All builtins are now always found before a PATH search.

Most ash derivatives have an undocumented feature where the presence of an
entry "%builtin" in $PATH will cause builtins to be checked at that point of
the PATH search, rather than before looking at any directories as documented
in the man page (very old versions do document this feature).

I am removing this feature from sh, as it complicates the code, may violate
expectations (for example, /usr/bin/alias is very close to a forkbomb with
PATH=/usr/bin:%builtin, only /usr/bin/builtin not being another link saves
it) and appears to be unused (all the %builtin google code search finds is
in some sort of ash source code).

Note that aliases and functions took and take precedence above builtins.
Because aliases work on a lexical level they can only ever be overridden on
a lexical level (quoting or preceding 'builtin' or 'command'). Allowing
override of functions via PATH does not really fit in the model of sh and it
would work differently from %builtin if implemented.

Note: POSIX says special builtins are found before functions. We comply to
this because we do not allow functions with the same name as a special
builtin.

Silence from:	freebsd-hackers@ (message sent 20101225)
Discussed with:	dougb
2011-01-09 21:07:30 +00:00
Jilles Tjoelker
70df11eaad sh: Make exit without parameters from EXIT trap POSIX-compliant.
It should use the original exit status, just like falling off the
end of the trap handler.

Outside an EXIT trap, 'exit' is still equivalent to 'exit $?'.
2011-01-08 23:08:13 +00:00
Jilles Tjoelker
e23a66ac83 sh: Do not call exitshell() from evalcommand() unless evalcommand() forked
itself.

This ensures that certain traps caused by builtins are executed.
2011-01-05 23:17:29 +00:00
Jilles Tjoelker
850460c0f1 sh: Check readonly status for assignments on regular builtins.
An error message is written, the builtin is not executed, nonzero exit
status is returned but the shell does not abort.

This was already checked for special builtins and external commands, with
the same consequences except that the shell aborts for special builtins.

Obtained from:	NetBSD
2011-01-01 13:26:18 +00:00
Jilles Tjoelker
09683f46b9 sh: Check if dup2 for redirection from/to a file succeeds.
A failure (e.g. caused by ulimit -n being set very low) is a redirection
error.

Example:
  ulimit -n 9; exec 9<.
2010-12-31 18:20:17 +00:00
Jilles Tjoelker
11535bdf04 sh: Avoid side effects from builtins in optimized command substitution.
Change the criterion for builtins to be safe to execute in the same process
in optimized command substitution from a blacklist of only cd, . and eval to
a whitelist.

This avoids clobbering the main shell environment such as by $(exit 4) and
$(set -x).

The builtins jobid, jobs, times and trap can still show information not
available in a child process; this is deliberately permitted. (Changing
traps is not.)

For some builtins, whether they are safe depends on the arguments passed to
them. Some of these are always considered unsafe to keep things simple; this
only harms efficiency a little in the rare case they are used alone in a
command substitution.
2010-12-30 22:33:55 +00:00
Jilles Tjoelker
685a270543 sh: Properly restore exception handler in fc.
If SIGINT arrived at exactly the right moment (unlikely), an exception
handler in a no longer active stack frame would be called.

Because the old handler was not used in the normal path, clang thought it
was a dead value and if an exception happened it would longjmp() to garbage.
This caused builtins/fc1.0 to fail if histedit.c was compiled with clang.

MFC after:	1 week
2010-12-29 19:39:51 +00:00
Jilles Tjoelker
acd7984f96 sh: Don't do optimized command substitution if expansions have side effects.
Before considering to execute a command substitution in the same process,
check if any of the expansions may have a side effect; if so, execute it in
a new process just like happens if it is not a single simple command.

Although the check happens at run time, it is a static check that does not
depend on current state. It is triggered by:
- expanding $! (which may cause the job to be remembered)
- ${var=value} default value assignment
- assignment operators in arithmetic
- parameter substitutions in arithmetic except ${#param}, $$, $# and $?
- command substitutions in arithmetic

This means that $((v+1)) does not prevent optimized command substitution,
whereas $(($v+1)) does, because $v might expand to something containing
assignment operators.

Scripts should not depend on these exact details for correctness. It is also
imaginable to have the shell fork if and when a side effect is encountered
or to create a new temporary namespace for variables.

Due to the $! change, the construct $(jobs $!) no longer works. The value of
$! should be stored in a variable outside command substitution first.
2010-12-28 21:27:08 +00:00
Jilles Tjoelker
45b71cd16e sh: Make expansion errors in optimized command substitution non-fatal.
Command substitutions consisting of a single simple command are executed in
the main shell process but this should be invisible apart from performance
and very few exceptions such as $(trap).
2010-12-28 13:28:24 +00:00
Jilles Tjoelker
ff802dc7bb sh: Simplify "stack string" code slightly.
Maintain a pointer to the end of the stack string area instead of how much
space is left. This simplifies the macros in memalloc.h. The places where
the new variable must be updated are only where the memory area is created,
destroyed or resized.
2010-12-27 22:18:27 +00:00
Jilles Tjoelker
78962f36d2 sh: Fix integer overflow check, it checked an uninitialized variable. 2010-12-26 13:41:53 +00:00
Jilles Tjoelker
d8f32e7287 sh: Allow arbitrary large numbers in CHECKSTRSPACE.
Reduce "stack string" API somewhat and simplify code.
Add a check for integer overflow of the "stack string" length (probably
incomplete).
2010-12-26 13:25:47 +00:00
Jilles Tjoelker
12dfb7a554 sh(1): Explain why it is a bad idea to use aliases in scripts. 2010-12-21 22:48:56 +00:00
Jilles Tjoelker
0a62a9caa9 sh: Add kill builtin.
This allows specifying a %job (which is equivalent to the corresponding
process group).

Additionally, it improves reliability of kill from sh in high-load
situations and ensures "kill" finds the correct utility regardless of PATH,
as required by POSIX (unless the undocumented %builtin mechanism is used).

Side effect: fatal errors (any error other than kill(2) failure) now return
exit status 2 instead of 1. (This is consistent with other sh builtins, but
not in NetBSD.)

Code size increases about 1K on i386.

Obtained from:	NetBSD
2010-12-21 22:47:34 +00:00
Jilles Tjoelker
5fe9123ff5 sh: Add a function to print warnings (with command name and newline).
This is like error() but without raising an exception.
It is particularly useful as a replacement for the warnx macro in
bltin/bltin.h.
2010-12-21 20:47:06 +00:00
Jilles Tjoelker
6a6760db7f sh: Make warnings in the printf builtin non-fatal, like in the program.
The #define for warnx now behaves much like the libc function (except that
it uses sh command name and output).

Also, it now uses C99 __VA_ARGS__ so there is no need for three different
macros for 0, 1 or 2 parameters.
2010-12-20 23:06:57 +00:00
Jilles Tjoelker
79357531c8 sh: arith: Disallow decimal constants starting with 0 (containing 8 or 9).
Constants in arithmetic starting with 0 should be octal only.

This avoids the following highly puzzling result:
  $ echo $((018-017))
  3
by making it an error instead.
2010-12-18 23:03:51 +00:00
Ulrich Spörlein
f6b767b026 Remove dead code.
c is assigned 0 and *loc is pointing to NULL, so c!=0 cannot be true,
and dereferencing loc would be a bad idea anyway.

Coverity Prevent:	CID 5113
Reviewed by:		jilles
2010-12-18 22:16:15 +00:00
Jilles Tjoelker
fa0951d63a sh: Fix corruption of command substitutions with special chars after newline
The CTLESC byte to protect a special character was output before instead of
after a newline directly preceding the special character.

The special handling of newlines is because command substitutions discard
all trailing newlines.
2010-12-16 23:28:20 +00:00
Ulrich Spörlein
326b41010a Remove duplicate check, turning dead code into live code.
Coverity CID:	5114
Reviewed by:	jilles
2010-12-13 10:48:49 +00:00
Jilles Tjoelker
b036c75b4c sh: Various simplifications to jobs.c:
* Prefer kill(-X) to killpg(X).
* Remove some dead code.
* No additional SIGINT is needed if int_pending() is already true.

No functional change is intended.
2010-12-12 22:59:34 +00:00
Jilles Tjoelker
9f5a68a002 sh: Remove the herefd hack.
The herefd hack wrote out partial here documents while expanding them. It
seems unnecessary complication given that other expansions just allocate
memory. It causes bugs because the stack is also used for intermediate
results such as arithmetic expressions. Such places should disable herefd
for the duration but not all of them do, and I prefer removing the need for
disabling herefd to disabling it everywhere needed.

Here documents larger than 1024 bytes will use a bit more CPU time and
memory.

Additionally this allows a later change to expand here documents in the
current shell environment. (This is faster for small here documents but also
changes behaviour.)

Obtained from:	dash
2010-12-12 00:07:27 +00:00
Jilles Tjoelker
f7dea8517f sh: Replace some macros and repeated code in expand.c with functions.
No functional change is intended, but the binary is about 1K smaller on
i386.
2010-12-11 22:13:29 +00:00
Jilles Tjoelker
6903c6832e sh: Use vsnprintf() rather than crafting our own in fmtstr().
Add INTOFF/INTON as longjmp out of vsnprintf may cause memory leaks or
undefined behaviour.
2010-12-11 17:47:27 +00:00
Jilles Tjoelker
c67712a089 sh: Improve internal-representation-to-text code to avoid binary output.
The code to translate the internal representation to text did not know about
various additions to the internal representation since the original ash and
therefore wrote binary stuff to the terminal.

The code is used in the jobs command and similar output.

Note that the output is far from complete and mostly serves for recognition
purposes.
2010-12-06 23:49:27 +00:00
Jilles Tjoelker
fa9e5d05a3 sh: POSIX says there should not be a space between Done and (exitstatus).
(On the other hand, (core dumped) does need a space and so does [1] +.)
2010-12-05 22:56:46 +00:00
Jilles Tjoelker
1bb49f9524 sh: Improve jobs output of pipelines.
If describing the status of a pipeline, write all elements of the pipeline
and show the status of the last process (which would also end up in $?).
Only write one report per job, not one for every process that exits.

To keep some earlier behaviour, if any process started by the shell in a
foreground job terminates because of a signal, write a message about the
signal (at most one message per job, however).

Also, do not write messages about signals in the wait builtin in
non-interactive shells. Only true foreground jobs now write such messages
(for example, "Terminated").
2010-12-05 22:37:01 +00:00
Jilles Tjoelker
ff304d3732 sh: Avoid marking a job as done before it is fully created.
In r208489, I added code to reap zombies when forking new processes, to
limit the amount of zombies. However, this can lead to marking a job as done
or stopped if it consists of multiple processes and the first process ends
very quickly. Fix this by only checking for zombies before forking the first
process of a job and not marking any jobs without processes as done or
stopped.
2010-12-05 21:53:29 +00:00
Jilles Tjoelker
5af61b5251 sh: jobs -p: Do not ask the kernel for the pgid.
The getpgid() call will fail if the first process in the job has already
terminated, resulting in output of "-1".

The pgid of a job is always the pid of the first process in the job and
other code already relies on this.
2010-12-05 16:09:03 +00:00
Jilles Tjoelker
25f6b31fac sh(1): Clean up documentation of built-in commands.
Make sure all built-in commands are in the subsection named such, except
exp, let and wordexp which are deliberately undocumented. The text said only
built-ins that really need to be a built-in were documented there but in
fact almost all of them were already documented.
2010-12-03 23:24:27 +00:00
Jilles Tjoelker
b97d13b399 sh(1): Document that command's -p option also works with -v/-V.
This was implemented in r201343.
2010-12-01 23:26:32 +00:00
Jilles Tjoelker
9d37e15722 sh: Code size optimizations to "stack string" memory allocation:
* Prefer one CHECKSTRSPACE with multiple USTPUTC to multiple STPUTC.
* Add STPUTS macro (based on function) and use it instead of loops that add
  nul-terminated strings to the stack string.

No functional change is intended, but code size is about 1K less on i386.
2010-11-23 22:17:39 +00:00
Jilles Tjoelker
0bee28331e sh: Pass multiple bytes at a time to lex.
This speeds up the expansion/arith6.0 test considerably.
2010-11-23 20:46:06 +00:00
Jilles Tjoelker
ae7f47355d sh: Fix confusing behaviour if chdir succeeded but getcwd failed in cd -P.
If getcwd fails, do not treat this as an error, but print a warning and
unset PWD. This is similar to the behaviour when starting the shell in a
directory whose name cannot be determined.
2010-11-22 23:49:06 +00:00
Rebecca Cran
1161d4202c Fix some more warnings found by clang. 2010-11-22 20:10:48 +00:00