The parsed internal representation of words consists of a byte string with a
list of nodes (commands in command substitution). Each unescaped CTLBACKQ or
CTLBACKQ | CTLQUOTE byte corresponds to an entry in the list.
If param in ${param#%##%%word} is not set, the word is not expanded (in a
deviation of POSIX shared with other ash variants and ksh93). Erroneously,
the pointer in the list of commands (argbackq) was not advanced. This caused
the wrong command to be executed later if the outer word contained another
command substitution.
Example:
echo "${unsetvar#$(echo a)}$(echo b)"
wrote "a" but should write "b".
MFC after: 1 week
The exit status will be 124, as the timeout(1) utility uses.
Reviewed by: jilles
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9697
A follow-up fix for r314685.
Because the -w flag is parsed after ps(1) infers termwidth from COLUMNS and
stdout, and UNLIMITED happens to be the zero value, the single -w flag in
combination with a non-terminal stdout or COLUMNS=0 could result in output
truncated at 131 characters. (Despite the output being unlimited without
-w.)
Obviously, adding more -w shouldn't truncate output lines.
The committed patch is from bdrewery@, and I've reviewed and tested it.
Submitted by: bdrewery@
Reported by: bdrewery@
Sponsored by: Dell EMC Isilon
Store the result in a proper long and then compare to the proper pid_t
for overflow, so that no MD assumptions are made.
Reviewed by: jilles
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9887
Code like t=$(stat -f %m "$file") segfaulted if -T was active and a trap
was taken while the shell was waiting for the child process to finish.
What happened was that the dotrap() call in waitforjob() was hit. This
re-entered command execution (including expand.c) at a point not expected by
expbackq(), and global state (unallocated stack string and argbackq) was
corrupted.
To fix this, change expbackq() to prepare for command execution to be
re-entered.
Reported by: bdrewery
MFC after: 1 week
If stdout isn't a tty, use unlimited width output rather than truncating to
79 characters. This is helpful for shell scripts or e.g., 'ps | grep foo'.
This hardcoded width has some history: In The Beginning of History[0], the
width of ps was hardcoded as 80 bytes. In 1985, Bloom@ added detection
using TIOCGWINSZ on stdin.[1] In 1986, Kirk merged a change to check
stdout's window size instead. In 1990, the fallback checks to stderr and
stdin's TIOCGWINSZ were added by Marc@, with the commit message "new
version."[2]
OS X Darwin has a very similar modification to ps(1), which simply sets
UNLIMITED for all non-tty outputs.[3] I've chosen to respect COLUMNS
instead of behaving identically to Darwin here, but I don't feel strongly
about that. We could match OS X for parity if that is desired.
[0]: https://svnweb.freebsd.org/csrg/bin/ps/ps.c?annotate=1065
[1]: https://svnweb.freebsd.org/csrg/bin/ps/ps.c?r1=18105&r2=18106
[2]:
https://svnweb.freebsd.org/csrg/bin/ps/ps.c?r1=40675&r2=40674&pathrev=40675
[3]:
https://opensource.apple.com/source/adv_cmds/adv_cmds-168/ps/ps.c.auto.html
PR: 217159
Reported by: Deepak Nagaraj <n.deepak at gmail.com>
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
The use of DES for anything is discouraged, especially with a static IV of 0
If you still need bdes(1) to decrypt Kirk's video lectures, see
security/bdes in ports.
This commit brought to you by the FOSDEM DevSummit and the
"remove unneeded dependancies on openssl in base" working group
Reviewed by: bapt, brnrd
Relnotes: yes
Sponsored by: FOSDEM DevSummit
Differential Revision: https://reviews.freebsd.org/D9424
The problem here is that the archive is too short (< 512 bytes). The
buffer routines, try to read at least 512 bytes, even when we try to
determine what format file we have, which is wrong.
Obtained from: NetBSD (CVS rev 1.26)
MFC after: 5 days
Unlike UFS or TMPFS, ZFS sets uarch automatically whenever a file is
updated. The test must explicitly clear uarch to be portable across
filesystems. Also, it doesn't need to run as root.
PR: 215179
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8741
The return type for both fread(3) and fwrite(3) cannot be negative, this
renders some checks invalid and variable 'ct' unnecessary.
Also bump 'len' to size_t to avoid signed/unsigned comparison warnings.
kinfo_proc::ki_tdname is three characters shorter than
thread::td_name. Add a ki_moretdname field for these three
extra characters. Add the new field to kinfo_proc32, as well.
Update all in-tree consumers to read the new field and assemble
the full name, except for lldb's HostThreadFreeBSD.cpp, which
I will handle separately. Bump __FreeBSD_version.
Reviewed by: kib
MFC after: 1 week
Relnotes: yes
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D8722
dd is a bootstrap tool and that header isn't installed as part of the
bootstrap environment for previous releases (eg freebsd-10.)
We'll figure it out in post and then re-commit it.
X1000 systems on chips.
Imgtec CI20 and Ingenic CANNA boards supported.
Submitted by: Alexander Kabaev <kan@FreeBSD.org>
Reviewed by: Ruslan Bukin <br@FreeBSD.org>
Sponsored by: DARPA, AFRL
Trivially capsicumize some simple programs that just interact with
stdio. This list of programs uses 'pledge("stdio")' in OpenBSD.
No objection from: allanjude, emaste, oshogbo
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8307
Per Austin group issue #884, always set IFS to $' \t\n'. As before, IFS will
be exported iff it was in the environment.
Most shells (e.g. bash, ksh93 and mksh) already did this. This change
improves predictability, in that scripts can simply rely on the default
value.
However, the effect on security is little, since applications should not be
calling the shell with attacker-controlled environment variable names in the
first place and other security-sensitive variables such as PATH should be
and are imported by the shell.
When using a new sh with an old (before 10.2) libc wordexp(), IFS is no
longer passed on. Otherwise, wordexp() continues to pass along IFS from the
environment per its documentation.
Discussed with: pfg
Relnotes: yes
Rather than producing a misleading error message when duplicate -l flags are
provided to df(1), simply ignore extra flags and proceed as if only one was
specified. This seems most reasonable given the usage for -l:
-l Only display information about locally-mounted file systems.
l and t flags still conflict, as before.
PR: 208169
Reported by: by at reorigin.com
Reviewed by: allanjude
Some of the ls(1) tests create really large sparse files to validate
the number formatting features of ls(1). Unfortunately, those tests fail
if the underlying test file system does not support sparse files, as is the
case when /tmp is mounted on tmpfs.
Before running these tests, check if the test file system supports sparse
files by using getconf(1) and skip them if not. Note that the support for
this query was just added to getconf(1) in r304694.
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D7609
with cat(1)
cat -be on FreeBSD doesn't align the $ with the start of the line
like NetBSD, et al's cat -be does
PR: 210607
Sponsored by: EMC / Isilon Storage Division
- Some of the lib/libc and lib/thr tests fail
- lib/msun/exp_test:exp2_values now passes with clang 3.8.0
The Makefiles in contrib/netbsd-tests were pruned as they have no value
Sponsored by: EMC / Isilon Storage Division
target. Due to a way issignal() selects the next signal to deliver
and report, if the simultaneous or already pending another signal
exists, that signal might be reported by the next waitpid(2) call.
This causes minor annoyance for debuggers, which must be prepared to
take any signal as the first event, then filter SIGSTOP later.
More importantly, for tools like gcore(1), which attach and then
detach without processing events, SIGSTOP might leak to be delivered
after PT_DETACH. This results in the process being unintentionally
stopped after detach, which is fatal for automatic tools.
The solution is to force SIGSTOP to be the first signal reported after
the attach. Attach code is modified to set P2_PTRACE_FSTP to indicate
that the attaching ritual was not yet finished, and issignal() prefers
SIGSTOP in that condition. Also, the thread which handles
P2_PTRACE_FSTP is made to guarantee to own p_xthread during the first
waitpid(2). All that ensures that SIGSTOP is consumed first.
Additionally, if P2_PTRACE_FSTP is still set on detach, which means
that waitpid(2) was not called at all, SIGSTOP is removed from the
queue, ensuring that the process is resumed on detach.
In issignal(), when acting on STOPing signals, remove the signal from
queue before suspending. Otherwise parallel attach could result in
ptracestop() acting on that STOP as if it was the STOP signal from the
attach. Then SIGSTOP from attach leaks again.
As a minor refactoring, some bits of the common attach code is moved
to new helper proc_set_traced().
Reported by: markj
Reviewed by: jhb, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D7256
Instead of changing the whole course to another POSIX-permitted way
for consistency and uniformity I decide to completely ignore missing
regex fucntionality and focus on fixing bugs in what we have now,
too many small obstacles we have choicing other way, counting ports.
Corresponding libc changes are backed out in r302824.
On machines where SIZE_T_MAX exceeds OFF_MAX (signed 64-bit), permit seeking
character devices to negative off_t values. This enables dd(1) to interact
with kernel KVA in /dev/kmem on amd64, for example.
Sponsored by: EMC / Isilon Storage Division
This is the same issue as r297997, but was missed in it.
The WARNS value changes between 'build-tools' (MK_WARNS=no) and
'everything' resulting in a rebuild of this file.
Approved by: re (implicit)
Sponsored by: EMC / Isilon Storage Division
The fix in r300649 was not sufficient to convince Coverity that the
buffer was NUL terminated, even with the buffer pre-zeroed. Swap
the size and nmemb arguments to fread() so that a valid lenght is
returned, which we can use to terminate the string in the buffer
at the correct location. This should also quiet the complaint about
the return value of fread() not being checked.
Reported by: Coverity
CID: 1019054, 1009614
MFC after: 1 week
The first file in these lists will generate everything else so only
it should be getting a .meta file. With bmake's missing=yes meta
feature these would otherwise cause a rebuild without the
.NOMETA hint.
Sponsored by: EMC / Isilon Storage Division
ki_flag and ki_tdflag have been 'long', not 'int', since 2000 and 2005,
respectively.
Submitted by: Shawn Wills <swills at isilon dot com>
Sponsored by: EMC / Isilon Storage Division
case of \c in the prompt format string is a no-op. We already passed
this test at the top of the loop, and i has not yet been incremented in
this path. Change this test to (i < PROMPTLEN - 2).
Reported by: Coverity
CID: 1008328
Reviewed by: cem
MFC after: 1 week
This will make things more flexible if the program path changes in the future,
and the test in and of itself doesn't call /usr/bin/bc -- it just calls bc
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
There is no need to to call strdup() on the value returned by fmt().
The latter calls fmt_argv() which always returns a dynamically
allocated string, and calling strdup() on that leaks the memory
allocated by fmt_argv(). Wave some const magic on ki_args and
ki_env to make the direct assignment happy. This requires a tweak
to the asprintf() case to avoid a const vs. non-const mismatch.
Reported by: Coverity
CID: 1011370
MFC after: 1 week
Replace the magic constant 127 in the loop interation count with
"PROMPTLEN - 1".
gethostname() is not guaranteed to NUL terminate the destination
string if it is too short. Decrease the length passed to gethostname()
by one, and add a NUL at the end of the buffer to make sure the
following loop to find the end of the name properly terminates.
The default: case is the likely cause of Coverity CID 1008328. If
i is 126 at the top of the loop interation where the default case
is triggered, i will be incremented to 127 by the default case,
then incremented to 128 at the top of the loop before being compared
to 127 (PROMPTLENT - 1) and terminating the loop. Then the NUL
termination code after the loop will write to ps[128]. Fix by
checking for overflow before incrementing the index and storing the
second character in the buffer.
These fixes are not guaranteed to satisfy Coverity. The code that
increments i in the 'h'/'H' and 'w'/'W' cases may be beyond its
capability to analyze, but the code appears to be safe.
Reported by: Coverity
CID: 1008328
Reviewed by: jilles, cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D6482
- Use arc4random_uniform(3).
- Prevent a segmentation fault when ed receives a signal
while being in getpass(). [1]
Obtained from: OpenBSD [1] (CVS Rev. 1.15)
MFC after: 2 weeks
When getline(3) in 2009 was added a _WITH_GETLINE guard has also been added.
This rename is made in preparation for the removal of this guard
Obtained from: NetBSD