3134 Commits

Author SHA1 Message Date
hrs
1a9708cf93 Use getaddrinfo() to fill struct sockaddr_un. It now supports
SOCK_DGRAM and SOCK_SEQPACKET in addition to SOCK_STREAM.
2015-10-03 12:49:05 +00:00
jilles
aca221db9d wordexp: Rewrite to make WRDE_NOCMD reliable.
Shell syntax is too complicated to detect command substitution and unquoted
operators reliably without implementing much of sh's parser. Therefore, have
sh do this detection.

While changing sh's support anyway, also read input from a pipe instead of
arguments to avoid {ARG_MAX} limits and improve privacy, and output count
and length using 16 instead of 8 digits.

The basic concept is:
execl("/bin/sh", "sh", "-c", "freebsd_wordexp ${1:+\"$1\"} -f "$2",
    "", flags & WRDE_NOCMD ? "-p" : "", <pipe with words>);

The WRDE_BADCHAR error is still implemented in libc. POSIX requires us to
fail strings containing unquoted braces with code WRDE_BADCHAR. Since this
is normally not a syntax error in sh, there is still a need for checking
code in libc, we_check().

The new we_check() is an optimistic check that all the characters
  <newline> | & ; < > ( ) { }
are quoted. To avoid duplicating too much sh logic, such characters are
permitted when quoting characters are seen, even if the quoting characters
may themselves be quoted. This code reports all WRDE_BADCHAR errors; bad
characters that get past it and are a syntax error in sh return WRDE_SYNTAX.

Although many implementations of WRDE_NOCMD erroneously allow some command
substitutions (and ours even documented this), there appears to be code that
relies on its security (codesearch.debian.net shows quite a few uses).
Passing untrusted data to wordexp() still exposes a denial of service
possibility and a fairly large attack surface.

Reviewed by:	wblock (man page only)
MFC after:	2 weeks
Relnotes:	yes
Security:	fixes command execution with wordexp(untrusted, WRDE_NOCMD)
2015-09-30 21:32:29 +00:00
ngie
805ec6c7b6 Skip the B_flag testcase to stop blowing up freebsd-current@ with
"test failure emails" because kyua report-jenkins doesn't properly
escape non-printable chars
2015-09-30 17:43:02 +00:00
ngie
85dbaf473e Add initial testcases for bin/ls
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2015-09-28 03:36:15 +00:00
allanjude
9608a36e5e Fix whitespace error in ls(1) detected by igor
Approved by:	bcr (mentor)
Sponsored by:	EuroBSDCon DevSummit
2015-09-27 22:05:20 +00:00
allanjude
94e156ff3a Use one fewer made up words in the ls(1) man page
PR:		203337
Submitted by:	Mike Dame <damemi@gmail.com>
Approved by:	bcr (mentor)
Sponsored by:	EuroBSDCon DevSummit
2015-09-27 22:02:46 +00:00
bdrewery
bdebc05d94 Update META_MODE dependencies. 2015-09-17 05:06:34 +00:00
delphij
db0a2c953d Expose an interface to determine if an ACE is inherited.
Submitted by:	sef
Reviewed by:	trasz
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D3540
2015-09-04 00:14:20 +00:00
jilles
6633d3a788 sh: Allow empty << EOF markers. 2015-09-02 19:49:55 +00:00
jilles
1fb3e6c2bb sh: Fix read with escaped IFS characters at the end.
Characters escaped with a backslash must be treated as if they were not in
IFS. This includes stripping trailing IFS characters.
2015-08-30 17:24:22 +00:00
jilles
699c9af55f sh: Add set -o nolog.
POSIX requires this to prevent entering function definitions in history but
this implementation does nothing except retain the option's value. In ksh88,
function definitions were usually entered in the history file, even when
they came from ~/.profile and the $ENV file, to allow displaying their
definitions.

This is also the first option that does not have a letter.
2015-08-29 19:41:47 +00:00
delphij
958fa04040 Respect locale settings.
MFC after:	2 weeks
2015-08-28 00:49:30 +00:00
delphij
5ec82107b6 Use exit() instead of return in main().
MFC after:	2 weeks
2015-08-28 00:44:58 +00:00
jilles
424480153f sh: Fix out of bounds read when there is no ] after a [:class:].
The initial check for a matching ] was incorrect if a ] may be consumed by a
[:class:]. The subsequent loop assumed that there must be a ].

Remove the initial check and make the loop cope with a missing ].

Found with afl-fuzz.

MFC after:	1 week
2015-08-25 21:55:15 +00:00
marcel
02ffac2cca Upgrade libxo to 0.4.5.
Local changes incorporated by 0.4.5: r284340
Local changes retained: r276260, r282117

Obtained from:	https://github.com/Juniper/libxo
2015-08-24 16:26:20 +00:00
jilles
f504ca457f sh: Don't create bad parse result when postponing a bad substitution error.
An invalid substitution like ${var@} does not cause a parse error but is
stored in the intermediate representation, to be written as part of the
error message. If there is a CTL* byte in the stored part, this confuses
some code such as the code to skip an unused alternative such as in
${var-alternative}.

To keep things simple, do not store CTL* bytes.

Found with afl-fuzz.

MFC after:	1 week
2015-08-23 20:44:53 +00:00
jamie
c4b111a273 Make pkill/pgrep -j ARG take jname, not just jid.
PR:		201588
Submitted by:	Daniel Shahaf <danielsh at apache.org>
MFC after:	3 days
2015-08-22 05:04:36 +00:00
jilles
5e4f40c860 sh: Avoid negative character values from $'\Uffffffff' etc.
The negative value was not expected and generated the low 8 bits as a byte,
which may be an invalid character encoding.

The final shift in creating the negative value was undefined as well.

Make the temporary variable unsigned to fix this.
2015-08-20 22:05:55 +00:00
jilles
5d7936e951 sh: Add test for $'\u' without any digits.
It is likely that $'\uXXXX' and $'\UXXXXXXXX' will allow fewer digits in
future. However, no digits at all should still be disallowed.
2015-08-20 21:31:36 +00:00
jilles
718cf25701 sh: Backslash-newline should not affect field splitting in read builtin.
This was originally broken in r212339 in 2010.
2015-08-16 12:57:17 +00:00
jilles
675e2bd4e4 sh: When setting option via long name, don't go via letter.
Looking up the letter makes no sense and prevents adding options that only
have a long name, no letter.
2015-08-14 21:44:15 +00:00
allanjude
5af1607586 Cast uid and gid to the correct type for display to solve segfault in ls(1) on 32bit arches
Correctly escape literal % for display

This fixes segfaults in 32bit arches caused by r285734

Reviewed by:	ngie
Approved by:	dim
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3191
2015-07-24 20:20:59 +00:00
allanjude
aa7795c019 Remove an excess space accidently introduced in the output in ls(1) by r285734
Spotted by:	dim
Approved by:	eadler (mentor)
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3152
2015-07-22 19:58:21 +00:00
allanjude
f137e0726b Fix some issues with the application of libxo to ls(1)
* Add whitespace trimming to some fields (username, group, size, inode, blocks) to avoid whitespace in JSON strings
* fix -m mode, was invalid JSON (repeated keys), and was missing outer array container
* in -n mode, numeric uids and gids were returned as strings

Approved by:	eadler (mentor)
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D2854
2015-07-21 05:03:59 +00:00
obrien
0a9c353f64 Mention the dd-like recoverdisk(1) to help folks find this great BSD command. 2015-07-16 23:38:12 +00:00
joel
24dc2c5c19 mdoc: minor Xr fixes 2015-07-14 19:45:35 +00:00
bapt
610f9926f9 Prevent potential integer overflow
PR:		192971
Submitted by:	David Carlier <david.carlier@hardenedbsd.org>
2015-07-13 05:59:41 +00:00
bapt
cd420706fe Prevent potential integer overflow
PR:		192971
Submitted by:	David Carlier <david.carlier@hardenedbsd.org>
2015-07-13 05:56:27 +00:00
marius
e81289c189 Since r284198, ls(1) just always depends libxo(3), not only in case of
MK_LS_COLORS or !RELEASE_CRUNCH.
2015-07-12 18:40:31 +00:00
jilles
80b293868f sh(1): libedit has supported multibyte encodings for a while. 2015-07-11 13:07:26 +00:00
jilles
2120b1ed16 mv: Improve message when moving two or more files to non-directory.
The message text is from cp, which has had a nicer message for this since
2007 (PR bin/50656).

As with cp, the exit status changes from 64 to 1.

PR:		201083
MFC after:	1 week
2015-06-28 21:36:00 +00:00
jilles
3c6c0527e6 sh: Fix some arithmetic undefined behaviour.
Fix shifts of possibly negative numbers found with ubsan and avoid signed
integer overflow when hashing an extremely long command name.

MFC after:	1 week
2015-06-24 20:51:48 +00:00
kan
6f06df98ab Continue ubreaking ``env LANG=ru_RU.KOI8-R ls -l''.
File names are in current locale as well.
2015-06-17 04:26:48 +00:00
marcel
211f5e5af7 Unbreak ``env LANG=ru_RU.KOI8-R ls -l''.
Time strings are in the current locale.
2015-06-17 03:12:08 +00:00
sjg
852129abd1 new depends 2015-06-16 23:37:19 +00:00
ngie
14dcd7ffef Start adding tests for bin/ls 2015-06-14 20:52:52 +00:00
sjg
a38a487b8c removed extra keyword 2015-06-13 19:53:24 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sbruno
4b0e592d9f r284198 seems to have left a null format string printf that gcc does *not*
like breaking mips builds.

Submitted by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Obtained from:	HardenedBSD
2015-06-11 02:29:39 +00:00
marcel
d404130e6a Convert ls(1) to use libxo(3).
Obtained from:	Phil Shafer <phil@juniper.net>
Sponsored by:	Juniper Networks, Inc.
2015-06-10 01:27:38 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
bdrewery
70ea701e53 Cleanup some style(9) issues.
- Whitespace.
- Comments.
- Wrap long lines.

MFC after:	2 weeks
X-MFC-with:	r284105,r284106
Sponsored by:	EMC / Isilon Storage Division
2015-06-08 19:24:18 +00:00
delphij
02d6f9793e It has been long time that when doing 'ls -G /path/to/a/symlink', instead of
using the color of symbolic link, the color is determined by the link target.
This behavior was quite confusing.

Looking at the file history, it looks like that r203665 intends to fix this
but the issue was never actually fixed.

Fix this by not setting FTS_COMFOLLOW when color is requested like what was
done in r203665.

MFC after:	2 weeks
2015-06-08 19:13:04 +00:00
bdrewery
4e68976c74 Implement '-s' to copy as symlink, similar to the current -l link(2) handling.
This is also implemented in at least GNU coreutils cp.

While here also improve the '-l' handling to not open(2) the source file as
it does not actually need the descriptor.

Sponsored by:	EMC / Isilon Storage Division
2015-06-07 06:30:25 +00:00
bdrewery
939189542e Cleanup some indentation issues. 2015-06-07 03:49:41 +00:00
pluknet
67e600b15f Change directory permissions in pre-order.
In this order, it won't try to recurse into a directory for which
it doesn't have permission, before changing that permission.
This follows an existing behavior in other BSDs, linux, OS X.

Obtained from:	NetBSD
2015-06-04 19:18:58 +00:00
araujo
b6fe86f52f Remove unused variable, this variable fmtstr was introduced at revision r225868
and it is not used anymore after the convertion to use libxo at revision r283304.

Differential Revision:	D2678
Reviewed by:		marcel
2015-06-01 06:00:04 +00:00
pluknet
f05af1ea39 Document recent p_flag2 additions. 2015-05-27 10:08:31 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
marcel
25a1a3fe24 Convert to use libxo. Document use of libxo as well.
Obtained from:  Phil Shafer <phil@juniper.net>
Sponsored by:   Juniper Networks, Inc.
2015-05-22 23:07:55 +00:00