173 Commits

Author SHA1 Message Date
jilles
a81357fbe9 sh: Do not try to execute binary files as scripts.
If execve() returns an [ENOEXEC] error, check if the file is binary before
trying to execute it using sh. A file is considered binary if at least one
of the first 256 bytes is '\0'.

In particular, trying to execute ELF binaries for the wrong architecture now
fails with an "Exec format error" message instead of syntax errors and
potentially strange results.
2011-02-05 12:54:59 +00:00
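The check described in commit a81357fbe9, as an added example (not code from the FreeBSD sh source): after execve() fails with ENOEXEC, scan the first 256 bytes for '\0' and only hand the file to sh if none is found. The function names, the FAIL_UNREADABLE outcome and the sample byte arrays are assumptions constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SCAN_LEN 256 /* the commit message checks the first 256 bytes */

/* FAIL_UNREADABLE is an assumption of this example, not from the commit. */
enum fallback { RUN_WITH_SH, FAIL_ENOEXEC, FAIL_UNREADABLE };

/* Constructed samples: the start of an ELF header, and a script without '#!'. */
const unsigned char sample_elf[] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0 };
const unsigned char sample_script[] = { 'e', 'c', 'h', 'o', ' ', 'h', 'i', '\n' };

/* 1 if any of the first SCAN_LEN bytes of buf is '\0', else 0. */
int prefix_is_binary(const unsigned char *buf, size_t len)
{
    if (len > SCAN_LEN)
        len = SCAN_LEN;
    return memchr(buf, '\0', len) != NULL;
}

/* Constructed probe: 512 bytes of 'a' with one NUL at offset off (< 512). */
int nul_at_offset_is_binary(size_t off)
{
    unsigned char buf[512];
    memset(buf, 'a', sizeof(buf));
    buf[off] = '\0';
    return prefix_is_binary(buf, sizeof(buf));
}

/* What to do after execve(path, ...) has failed with ENOEXEC. */
enum fallback enoexec_fallback(const char *path)
{
    unsigned char buf[SCAN_LEN];
    ssize_t n;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return FAIL_UNREADABLE;
    n = read(fd, buf, sizeof(buf));
    close(fd);
    if (n < 0)
        return FAIL_UNREADABLE;
    return prefix_is_binary(buf, (size_t)n) ? FAIL_ENOEXEC : RUN_WITH_SH;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "run with sh", "Exec format error", "unreadable" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[enoexec_fallback(argv[i])]);
    return 0;
}
```

A NUL at offset 256 or later falls outside the scanned window, so such a file is still handed to sh.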
jilles
0bf07f466d sh: Add test for shell script without '#!'. 2011-02-02 22:03:18 +00:00
jilles
8605caacbf sh: Send messages about signals to stderr.
This is required by POSIX and seems to make more sense.

See also r217557.
2011-01-30 22:57:52 +00:00
jilles
15823a2b44 sh: Add test for EXIT trap in command substitution.
This is not really realistic but is an opposition to $(trap).
2011-01-27 23:08:20 +00:00
jilles
460d7b088e sh: Fix signal messages being sent to the wrong file sometimes.
When a foreground job exits on a signal, a message is printed to stdout
about this. The buffer was not flushed after this which could result in the
message being written to the wrong file if the next command was a builtin
and had stdout redirected.

Example:
  sh -c 'kill -9 $$'; : > foo; echo FOO:; cat foo

Reported by:	gcooper
MFC after:	1 week
2011-01-18 21:18:31 +00:00
jilles
3967e15d57 sh: If exit is used without args from a trap action, exit on the signal.
This is useful so that it is easier to exit on a signal than to reset the
trap to default and resend the signal. It matches ksh93. POSIX says that
'exit' without args from a trap action uses the exit status from the last
command before the trap, which is different from 'exit $?' and matches this
if the previous command is assumed to have exited on the signal.

If the signal is SIGSTOP, SIGTSTP, SIGTTIN or SIGTTOU, or if the default
action for the signal is to ignore it, a normal _exit(2) is done with exit
status 128+signal_number.
2011-01-16 13:56:41 +00:00
jilles
31120cf045 sh: Fix some things about -- in trap:
* Make 'trap --' do the same as 'trap' instead of nothing.
* Make '--' stop option processing (note that '-' action is not an option).

Side effect: The error message for an unknown option is different.
2011-01-15 21:09:00 +00:00
keramida
4813d86278 regression/date: unset all LC_xxx vars and set LANG/LC_ALL
When running with a custom locale setup, it's easy to confuse the
date regression tests and cause them to fail, e.g. when LANG='C'
but LC_ALL='el_GR.UTF-8'.  Set LC_ALL to 'C', which overrides all
other LC_xxx options, to avoid this sort of problem.

Reviewed by:	uqs, edwin
2011-01-09 22:05:09 +00:00
jilles
2a782244a9 sh: Remove special %builtin PATH entry.
All builtins are now always found before a PATH search.

Most ash derivatives have an undocumented feature where the presence of an
entry "%builtin" in $PATH will cause builtins to be checked at that point of
the PATH search, rather than before looking at any directories as documented
in the man page (very old versions do document this feature).

I am removing this feature from sh, as it complicates the code, may violate
expectations (for example, /usr/bin/alias is very close to a forkbomb with
PATH=/usr/bin:%builtin, only /usr/bin/builtin not being another link saves
it) and appears to be unused (all the %builtin google code search finds is
in some sort of ash source code).

Note that aliases and functions took and take precedence above builtins.
Because aliases work on a lexical level they can only ever be overridden on
a lexical level (quoting or preceding 'builtin' or 'command'). Allowing
override of functions via PATH does not really fit in the model of sh and it
would work differently from %builtin if implemented.

Note: POSIX says special builtins are found before functions. We comply with
this because we do not allow functions with the same name as a special
builtin.

Silence from:	freebsd-hackers@ (message sent 20101225)
Discussed with:	dougb
2011-01-09 21:07:30 +00:00
jilles
3a61afec3c sh: Make exit without parameters from EXIT trap POSIX-compliant.
It should use the original exit status, just like falling off the
end of the trap handler.

Outside an EXIT trap, 'exit' is still equivalent to 'exit $?'.
2011-01-08 23:08:13 +00:00
jilles
25806c21fc sh: Add simple test for 'exit' without parameters. 2011-01-08 23:00:38 +00:00
jilles
3c4cff0f35 sh: Do not call exitshell() from evalcommand() unless evalcommand() forked
itself.

This ensures that certain traps caused by builtins are executed.
2011-01-05 23:17:29 +00:00
jilles
3487ce2142 sh: Test that exit $? replaces the original exit status in an EXIT trap. 2011-01-01 15:25:15 +00:00
jilles
9391068711 sh: Check readonly status for assignments on regular builtins.
An error message is written, the builtin is not executed, nonzero exit
status is returned but the shell does not abort.

This was already checked for special builtins and external commands, with
the same consequences except that the shell aborts for special builtins.

Obtained from:	NetBSD
2011-01-01 13:26:18 +00:00
jilles
e3df947be8 sh: Check if dup2 for redirection from/to a file succeeds.
A failure (e.g. caused by ulimit -n being set very low) is a redirection
error.

Example:
  ulimit -n 9; exec 9<.
2010-12-31 18:20:17 +00:00
jilles
ca3118f4ca sh: Avoid side effects from builtins in optimized command substitution.
Change the criterion for builtins to be safe to execute in the same process
in optimized command substitution from a blacklist of only cd, . and eval to
a whitelist.

This avoids clobbering the main shell environment such as by $(exit 4) and
$(set -x).

The builtins jobid, jobs, times and trap can still show information not
available in a child process; this is deliberately permitted. (Changing
traps is not.)

For some builtins, whether they are safe depends on the arguments passed to
them. Some of these are always considered unsafe to keep things simple; this
only harms efficiency a little in the rare case they are used alone in a
command substitution.
2010-12-30 22:33:55 +00:00
jilles
fb3385d473 sh: Add two tests for special cases in command substitution that already
work in stable/8.
2010-12-30 15:04:59 +00:00
jilles
74d9b02bb0 sh: Don't do optimized command substitution if expansions have side effects.
Before considering to execute a command substitution in the same process,
check if any of the expansions may have a side effect; if so, execute it in
a new process just like happens if it is not a single simple command.

Although the check happens at run time, it is a static check that does not
depend on current state. It is triggered by:
- expanding $! (which may cause the job to be remembered)
- ${var=value} default value assignment
- assignment operators in arithmetic
- parameter substitutions in arithmetic except ${#param}, $$, $# and $?
- command substitutions in arithmetic

This means that $((v+1)) does not prevent optimized command substitution,
whereas $(($v+1)) does, because $v might expand to something containing
assignment operators.

Scripts should not depend on these exact details for correctness. It is also
imaginable to have the shell fork if and when a side effect is encountered
or to create a new temporary namespace for variables.

Due to the $! change, the construct $(jobs $!) no longer works. The value of
$! should be stored in a variable outside command substitution first.
2010-12-28 21:27:08 +00:00
jilles
076a6add84 sh: Add test for optimized command substitution.
This test verifies that certain expansions without side effects do not
cause the command substitution to be executed in a child process.

This is not a correctness requirement, but it involves a nontrivial amount
of code and it would be unfortunate if it stopped working.
2010-12-28 14:58:08 +00:00
jilles
713ef02a1f sh: Make expansion errors in optimized command substitution non-fatal.
Command substitutions consisting of a single simple command are executed in
the main shell process but this should be invisible apart from performance
and very few exceptions such as $(trap).
2010-12-28 13:28:24 +00:00
jilles
812e01538d sh: Add a testcase for cmdsubst errors that already works properly.
If a command substitution consists of one special builtin and there is a
redirection error, this should not abort the outer shell.
It was fixed in r201366 by ignoring special builtin properties for command
substitutions consisting of one builtin.
2010-12-27 23:56:03 +00:00
emaste
081f34e7e9 Restore two commented-out tests from plus-minus1.0 to a new file.
These two cases pass on -CURRENT but fail on stable/8.

Reviewed by:	jilles
2010-12-27 15:57:41 +00:00
emaste
bc01bda63e Remove commented-out test that's covered in plus-minus2.0 anyway.
Discussed with: jilles
2010-12-26 23:19:16 +00:00
jilles
ccc4611f77 sh: Make warnings in the printf builtin non-fatal, like in the program.
The #define for warnx now behaves much like the libc function (except that
it uses sh command name and output).

Also, it now uses C99 __VA_ARGS__ so there is no need for three different
macros for 0, 1 or 2 parameters.
2010-12-20 23:06:57 +00:00
jilles
84941f8297 sh: arith: Disallow decimal constants starting with 0 (containing 8 or 9).
Constants in arithmetic starting with 0 should be octal only.

This avoids the following highly puzzling result:
  $ echo $((018-017))
  3
by making it an error instead.
2010-12-18 23:03:51 +00:00
jilles
da5b058d1d sh: Fix corruption of command substitutions with special chars after newline
The CTLESC byte to protect a special character was output before instead of
after a newline directly preceding the special character.

The special handling of newlines is because command substitutions discard
all trailing newlines.
2010-12-16 23:28:20 +00:00
jilles
aed1bf9f01 sh: Fix some tests that used sh instead of ${SH}
so they tested the wrong sh.

This was caused because these tests were committed after the sh -> ${SH}
change but were created before.
2010-12-12 21:18:16 +00:00
jilles
955b676ba9 sh: Add a test for r216387 (long arithmetic expression in here document). 2010-12-12 16:56:16 +00:00
jilles
a3f372978c sh: Make the test for cd/pwd with long pathnames more useful:
* Use $(getconf PATH_MAX /) to make sure we actually exercise the hard part
* Delete our test area even if the test fails
2010-11-28 22:49:58 +00:00
jilles
b37eae53ee sh: Add a test that manipulates various long strings.
It is quite effective at detecting mistakes in memalloc.c and code using it.

It is somewhat slow, but some of the patches in my queue improve it.
2010-11-19 22:25:32 +00:00
jilles
30e8287182 sh: Add another simple test for the wait builtin. 2010-11-19 21:15:06 +00:00
jilles
1d77e31425 test: Move tests to tools/regression/bin/test.
Convert the tests to the perl prove format.
Remove obsolete TEST.README (results of an old TEST.sh for some old Unices)
and TEST.csh (old tests without correct values, far less complete than
TEST.sh).

MFC after:	1 week
2010-11-08 23:15:10 +00:00
jilles
9b70c12cad sh: Add simple tests for printf.
These are not meant as a replacement for tools/regression/usr.bin/printf/*
but to detect errors specific to making it a shell builtin.
2010-11-05 21:47:58 +00:00
jilles
000173def6 sh: Fix some issues with aliases and case, by importing dash checkkwd code.
This moves the function of the noaliases variable into the checkkwd
variable. This way it is properly reset on errors and aliases can be used
normally in the commands for each case (the case labels recognize the
keyword esac but no aliases).

The new code is clearer as well.

Obtained from:	dash
2010-11-02 23:44:29 +00:00
jilles
f98d5a366d sh: Detect various additional errors in the parser.
Apart from detecting breakage earlier or at all, this also fixes a segfault
in the testsuite. The "handling" of the breakage left an invalid internal
representation in some cases.

Examples:
  echo a; do echo b
  echo `) echo a`
  echo `date; do do do`

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-29 21:06:57 +00:00
jilles
aaa3347e35 sh: Fix some issues with CTL* bytes and ${var#pat}.
subevalvar() incorrectly assumed that CTLESC bytes were present iff the
expansion was quoted. However, they are present iff various processing such
as word splitting is to be done later on.

Example:
  v=@$e@$e@$e@
  y="${v##*"$e"}"
  echo "$y"
failed if $e contained the magic CTLESC byte.

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-29 19:34:57 +00:00
jilles
28ad180ab4 sh: Do IFS splitting on word in ${v+word} and ${v-word}.
The code is inspired by NetBSD sh somewhat, but different because we
preserve the old Almquist/Bourne/Korn ability to have an unquoted part in a
quoted ${v+word}. For example, "${v-"*"}" expands to $v as a single field if
v is set, but generates filenames otherwise.

Note that this is the only place where we split text literally from the
script (the similar ${v=word} assigns to v and then expands $v). The parser
must now add additional markers to allow the expansion code to know whether
arbitrary characters in substitutions are quoted.

Example:
  for i in ${$+a b c}; do echo $i; done

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-29 13:42:18 +00:00
jilles
6f54496b16 sh: Only accept a '}' inside ${v+-=?...} if double-quote state matches.
If double-quote state does not match, treat the '}' literally.

This ensures double-quote state remains the same before and after a
${v+-=?...} which helps with expand.c.

It makes things like
  ${foo+"\${bar}"}
which I have seen in the wild work as expected.

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-28 22:34:49 +00:00
jilles
8e66c8e658 sh: Make double-quotes quote a '}' inside ${v#...} and ${v%...}.
Exp-run done by:	pav (with some other sh(1) changes)
PR:			bin/57554
2010-10-28 21:51:14 +00:00
jilles
58038d3e9e sh: Do not allow overriding a special builtin with a function.
This is a syntax error.

POSIX does not say explicitly whether defining a function with the same name
as a special builtin is allowed, but it does say that it is impossible to
call such a function.

A special builtin can still be overridden with an alias.

This commit is part of a set of changes that will ensure that when
something looks like a special builtin to the parser, it is one. (Not the
other way around, as it remains possible to call a special builtin named
by a variable or other substitution.)

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-24 22:03:21 +00:00
jilles
e5f0dbf76c sh: Make sure defined functions can actually be called.
Add some conservative checks on function names:
- Disallow expansions or quoting characters; these can only be called via
  strange control characters
- Disallow '/'; these functions cannot be called anyway, as exec.c assumes
  they are pathnames
- Make the CTL* bytes work properly in function names.

These are syntax errors.

POSIX does not require us to support more than names (letters, digits and
underscores, not starting with a digit), but I do not want to restrict it
that much at this time.

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-24 20:45:13 +00:00
jilles
c487e17b8f sh: Check whether dup2 was successful for >&FD and <&FD.
A failure (usually caused by FD not being open) is a redirection error.

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-24 20:09:49 +00:00
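The dup2() check from commits c487e17b8f and e3df947be8, as an added example (not code from the FreeBSD sh source): it reproduces `ulimit -n 9; exec 9<.` inside one process and returns the errno that an unchecked dup2() would have dropped. The function names are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/*
 * Point descriptor `to` at the file open on `from`.
 * Returns 0 on success, or the errno from dup2() so the caller can report
 * a redirection error instead of running the command with `to` unchanged.
 */
int redirect_fd(int from, int to)
{
    if (dup2(from, to) < 0)
        return errno;
    return 0;
}

/*
 * Lower the soft RLIMIT_NOFILE to `limit`, attempt to redirect `target`
 * from "." and restore the old limit. Returns what redirect_fd() returned,
 * or -1 if the setup itself failed.
 */
int redirect_under_fd_limit(rlim_t limit, int target)
{
    struct rlimit old, low;
    int fd, err;

    fd = open(".", O_RDONLY);   /* opened before the limit drops */
    if (fd < 0)
        return -1;
    if (getrlimit(RLIMIT_NOFILE, &old) != 0) {
        close(fd);
        return -1;
    }
    low = old;
    low.rlim_cur = limit;
    if (setrlimit(RLIMIT_NOFILE, &low) != 0) {
        close(fd);
        return -1;
    }
    err = redirect_fd(fd, target);  /* target >= limit, so dup2() fails */
    setrlimit(RLIMIT_NOFILE, &old);
    close(fd);
    return err;
}

int main(void)
{
    int err = redirect_under_fd_limit(9, 9);
    printf("exec 9<. with ulimit -n 9: %s\n",
        err > 0 ? strerror(err) : err == 0 ? "succeeded" : "setup failed");
    return 0;
}
```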
jilles
a2f958382a sh: Add a test trying to close a descriptor that is not open.
In stable/8 and older, this fails. Some of the redirection changes in head
have fixed it.
2010-10-24 19:56:34 +00:00
jilles
ba204fa87e sh: Change ! within a pipeline to start a new pipeline instead.
This is how ksh93 treats ! within a pipeline and makes the ! in
  a | ! b | c
negate the exit status of the pipeline, as if it were
  a | { ! b | c; }

Side effect: something like
  f() ! a
is now a syntax error, because a function definition takes a command,
not a pipeline.

Exp-run done by:	pav (with some other sh(1) changes)
2010-10-24 17:06:49 +00:00
jilles
dfb434120d sh: Add some testcases for alias expansion. 2010-10-24 16:55:17 +00:00
jilles
22560ed4e7 sh: Allow running 'prove' from tools/regression/bin/sh again
without needing to set special environment variables, testing the 'sh' from
PATH.
2010-10-15 20:01:35 +00:00
obrien
6b87db6229 Embellish this testcase a little bit to be more clear what the output is
and why.  The first case is correct usage which has but one correct output.
The 2nd and 3rd cases are incorrect usage in which the exact output is
not standardized and various shells give various allowable output.
2010-10-14 23:28:31 +00:00
obrien
0402932766 Do not assume in growstackstr() that a "precious" character will be
immediately written into the stack after the call.  Instead let the caller
manage the "space left".

Previously, growstackstr()'s assumption causes problems with STACKSTRNUL()
where we want to be able to turn a stack into a C string, and later
pretend the NUL is not there.

This fixes a bug in STACKSTRNUL() (that grew the stack) where:
1. STADJUST() called after a STACKSTRNUL() results in an improper adjust.
   This can be seen in ${var%pattern} and ${var%%pattern} evaluation.
2. Memory leak in STPUTC() called after a STACKSTRNUL().

Reviewed by:	jilles
2010-10-13 23:29:09 +00:00
obrien
5289908373 Allow one to regression test 'sh' changes without having to install
a potentially bad /bin/sh first.
2010-10-12 18:20:38 +00:00
obrien
5d3cd8d3f0 Correct regression test to not show a false positive when run as root. 2010-10-11 23:24:57 +00:00