Commit Graph

87 Commits

Author SHA1 Message Date
jilles
6c39df7f25 sh: Fix INTOFF leak after a builtin with different locale settings.
After executing a builtin with different locale settings such as
  LC_ALL=C true
SIGINT handling was left disabled indefinitely.

MFC after:	1 week
2017-05-07 19:49:46 +00:00
imp
7e6cabd06e Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
jilles
71c26f702a sh: Do not import IFS's value from the environment.
Per Austin group issue #884, always set IFS to $' \t\n'. As before, IFS will
be exported iff it was in the environment.

Most shells (e.g. bash, ksh93 and mksh) already did this. This change
improves predictability, in that scripts can simply rely on the default
value.

However, the effect on security is little, since applications should not be
calling the shell with attacker-controlled environment variable names in the
first place and other security-sensitive variables such as PATH should be
and are imported by the shell.

When using a new sh with an old (before 10.2) libc wordexp(), IFS is no
longer passed on. Otherwise, wordexp() continues to pass along IFS from the
environment per its documentation.

Discussed with:	pfg
Relnotes:	yes
2016-10-08 13:40:12 +00:00
jilles
e81a328bbd sh: Clean a readonly local, even if the variable does not exist outside.
If a local variable has been made read-only, this should not prevent its
removal when the function returns.
2016-01-22 20:10:08 +00:00
jilles
d42a26ab20 sh: Update associated state when restoring locals while leaving a function.
Some variables like PATH call a function when modified. Make sure to call
this also when leaving a function where such a variable was made local.

Make sure to restore local variables before shellparam, so getopts state is
not clobbered.
2016-01-10 16:31:28 +00:00
jilles
acacb5074b sh: Reduce size of options table. 2016-01-07 23:13:20 +00:00
jilles
75b5654b2a sh: Fix use-after-free when attempting to modify a read-only variable.
Reported by:	bapt
MFC after:	1 week
2015-12-16 20:33:47 +00:00
jilles
5edc3be36a sh: Make struct arglist an array instead of a linked list.
This simplifies the code (e.g. allowing use of qsort(3) instead of a
hand-rolled mergesort) and should have better cache properties.

The waste of unused args arrays after resizes is approximately the same as
the savings from getting rid of the next pointers.

At the same time, remove a piece of global state and move some duplicated
code into a function.
2015-10-11 21:33:00 +00:00
jilles
b5c07cff76 sh: Fix more compiler warnings related to variable declarations. 2015-03-03 21:21:43 +00:00
jilles
c2c7391640 sh: Fix more compiler warnings. 2015-03-01 22:32:23 +00:00
jilles
a0092595b9 sh: Prefer "" to nullstr where possible. 2015-02-15 21:47:43 +00:00
jilles
74ddfdb122 sh: Fix memory leak with an assignment before a regular builtin.
MFC after:	1 week
2014-03-27 22:57:23 +00:00
jilles
ce55d2a446 sh: Fix memory leak when trying to set a read only variable.
MFC after:	1 week
2014-03-27 22:52:26 +00:00
jilles
270892ce0a sh: Fix possible memory leaks and double frees with unexpected SIGINT. 2014-03-26 20:43:40 +00:00
jilles
c039e1a7e4 sh: Simplify code related to PPID variable. 2013-12-25 16:14:02 +00:00
jilles
ffaab89202 sh: Initialize OPTIND=1 even if it came from the environment. 2013-12-24 22:38:24 +00:00
jilles
67082dae0c sh: Remove an unused variable. 2013-12-24 22:04:44 +00:00
jilles
1d244d8c45 sh: Prefer memcpy() to strcpy() in most cases. Remove the scopy macro. 2013-11-30 21:27:11 +00:00
jilles
c71191e0d9 sh: Recognize "--" as end of options in local builtin. 2013-08-14 21:59:48 +00:00
eadler
69c7d77aef Fix two typos
Reviewed by:	jilles
2013-05-09 21:29:16 +00:00
jilles
cbc4c398d4 sh: Remove mkinit's initialization routine.
Instead, call the only init function left directly from main().
2013-01-20 12:44:50 +00:00
jilles
99ca87dd2d sh: Prefer internal nextopt() to libc getopt().
This reduces code duplication and code size.

/usr/bin/printf is not affected.

Side effect: different error messages when certain builtins are passed
invalid options.
2012-09-15 21:56:30 +00:00
jilles
44943dcf5b sh: Fix swapped INTON/INTOFF.
A possible consequence of this bug was a memory leak if SIGINT arrived
during a 'set' command (listing variables).

MFC after:	1 week
2012-02-04 23:29:07 +00:00
jilles
c9a60ad55a sh: Use vfork in a few common cases.
This uses vfork() for simple commands and command substitutions containing a
single simple command, invoking an external program under certain conditions
(no redirections or variable assignments, non-interactive shell, no job
control). These restrictions limit the amount of code executed in a vforked
child.

There is a large speedup (for example 35%) in microbenchmarks. The
difference in buildkernel is smaller (for example 0.5%) but still
statistically significant. See
http://lists.freebsd.org/pipermail/freebsd-hackers/2012-January/037581.html
for some numbers.

The use of vfork() can be disabled by setting a variable named
SH_DISABLE_VFORK.
2012-02-04 23:12:14 +00:00
jilles
f84ee4a43b sh: Skip variables with invalid names in "set", "export -p", "readonly -p".
This ensures the output of these commands is valid shell input.
2011-06-17 10:21:24 +00:00
jilles
16addb8673 sh: Fix duplicate prototypes for builtins.
Have mkbuiltins write the prototypes for the *cmd functions to builtins.h
instead of builtins.c and include builtins.h in more .c files instead of
duplicating prototypes for *cmd functions in other headers.
2011-06-13 21:03:27 +00:00
jilles
91789615b4 sh: Save/restore changed variables in optimized command substitution.
In optimized command substitution, save and restore any variables changed by
expansions (${var=value} and $((var=assigned))), instead of trying to
determine if an expansion may cause such changes.

If $! is referenced in optimized command substitution, do not cause jobs to
be remembered longer.

This fixes $(jobs $!) again, simplifies the man page and shortens the code.
2011-06-12 23:06:04 +00:00
jilles
14adb603ef sh: Minor optimization to output from ulimit/export/readonly.
No functional change is intended.
2011-05-15 22:09:27 +00:00
jilles
c9be2081e0 sh: Add \u/\U support (in $'...') for UTF-8.
Because we have no iconv in base, support for other charsets is not
possible.

Note that \u/\U are processed using the locale that was active when the
shell started. This is necessary to avoid behaviour that depends on the
parse/execute split (for example when placing braces around an entire
script). Therefore, UTF-8 encoding is implemented manually.
2011-05-08 17:40:10 +00:00
jilles
bf0e27838c sh: Optimize variable code by storing the length of the name.
Obtained from:	NetBSD
2011-05-08 16:15:50 +00:00
jilles
6672b66ab7 sh: Track if the current locale's charset is UTF-8 or not. 2011-05-06 22:31:27 +00:00
jilles
95ad413d4a sh: Remove special code for shell scripts without magic number.
These are called "shell procedures" in the source.

If execve() failed with [ENOEXEC], the shell would reinitialize itself
and execute the program as a script. This requires a fair amount of code
which is not frequently used (most scripts have a #! magic number).
Therefore just execute a new instance of sh (_PATH_BSHELL) to run the
script.
2011-02-04 22:47:55 +00:00
jilles
a123f0aac0 sh: Clean up some old comments:
* There is no plan for an alternative to the command "set".
* Attempting to unset a readonly variable has not raised an error for quite
  a while, so the order of unsetting a variable and a function with the same
  name does not matter.

MFC after:	1 week
2011-01-25 20:56:18 +00:00
jilles
9391068711 sh: Check readonly status for assignments on regular builtins.
An error message is written, the builtin is not executed, nonzero exit
status is returned but the shell does not abort.

This was already checked for special builtins and external commands, with
the same consequences except that the shell aborts for special builtins.

Obtained from:	NetBSD
2011-01-01 13:26:18 +00:00
jilles
6915411ab2 sh: Code size optimizations to buffered output.
This is mainly less use of the outc macro.

No functional change is intended, but code size is about 2K less on i386.
2010-11-20 14:14:52 +00:00
jilles
f9809fb862 sh: Do the additional actions if 'local -' restore changes -i/-m/-E/-V.
Example:
  f() { local -; set +m; }; f
caused failure to execute external programs because the job control tty fd
was not opened.
2010-11-13 22:10:26 +00:00
jilles
2ae15286ba sh: Tweak some string constants to reduce code size.
* Reduce some needless differences.
* Shorten some error messages that should not happen.
2010-10-29 21:44:43 +00:00
obrien
08b8d916b5 In the spirit of r90111, depend on c89 and remove the "STATIC" macro
and its usage.
2010-10-13 22:18:03 +00:00
obrien
f31ad1c86b Consistently use "STATIC" for all functions in order to be able to set
breakpoints with in a debugger.  And use naked "static" for variables.

Noticed by:	bde
2010-10-13 04:01:01 +00:00
jilles
694b7e6c37 sh: Apply variable assignments left-to-right in bltinlookup().
Example:
  HOME=foo HOME=bar cd
2010-09-11 14:15:50 +00:00
jilles
e5f96a4e05 sh: Pass TERM changes to libedit.
I have changed the patch slightly to ignore TERM changes in subshells.

PR:		bin/146916
Submitted by:	Guy Yur
Obtained from:	NetBSD
2010-06-02 19:16:58 +00:00
jilles
f3856c6cf2 sh: Apply locale vars on builtins, recognize LC_MESSAGES as a locale var.
This allows doing things like LC_ALL=C some_builtin to run a builtin under a
different locale, just like is possible with external programs. The
immediate reason is that this allows making printf(1) a builtin without
breaking things like LC_NUMERIC=C printf '%f\n' 1.2

This change also affects special builtins, as even though the assignment is
persistent, the export is only to the builtin (unless the variable was
already exported).

Note: for this to work for builtins that also exist as external programs
such as /bin/test, the setlocale() call must be under #ifndef SHELL. The
shell will do the setlocale() calls which may not agree with the environment
variables.
2010-05-05 21:48:40 +00:00
jilles
9c81a24436 sh: Do not stat() $MAIL/$MAILPATH in non-interactive shells.
These may be NFS mounted, and we should not touch them unless we are going
to do something useful with the information.
2010-02-06 22:57:24 +00:00
jilles
d26e4aa230 sh: Change varinit to use const better. 2009-12-27 18:32:44 +00:00
jilles
5e8a2136e7 sh: Various warning fixes (from WARNS=6 NO_WERROR=1):
- const
- initializations to silence -Wuninitialized (it was safe anyway)
- remove nested extern declarations
- rename "index" locals to "idx"
2009-12-27 18:04:05 +00:00
jilles
8e458de852 sh: Constify various strings.
Most of this is adding const keywords, but setvar() in var.c had to be
changed somewhat more.
2009-12-24 18:41:14 +00:00
jilles
979a1ef888 sh: Remove setting variables from dotcmd/exportcmd.
It is already done by evalcommand(), unless special-ness has been removed,
in which case variable assignments should not persist. (These are currently
always special builtins, but this will change later: command builtin,
command substitution.)

This also fixes a memory leak when calling . with variable assignments.

Example:
  valgrind --leak-check=full sh -c 'x=1 . /dev/null; x=2'
2009-12-24 15:14:22 +00:00
jilles
760264169e Fix various things about SIGINT handling:
* exception handlers are now run with interrupts disabled, which avoids
  many race conditions
* fix some cases where SIGINT only aborts one command and continues the
  script, in particular if a SIGINT causes an EINTR error which trumped the
  interrupt.

Example:
  sh -c 'echo < /some/fifo; echo This should not be printed'
The fifo should not have writers. When pressing ctrl+c to abort the open,
the shell used to continue with the next command.

Example:
  sh -c '/bin/echo < /some/fifo; echo This should not be printed'
Similar. Note, however, that this particular case did not and does not work
in interactive mode with job control enabled.
2009-11-22 18:23:30 +00:00
jilles
39fa9f1c99 sh: Improve handling of setjmp/longjmp volatile:
- remove ineffective and unnecessary (void) &var; [1]
- remove some unnecessary volatile keywords
- add a necessary volatile keyword
- save the old handler before doing something that could use the saved
  value

Submitted by:	Christoph Mallon [1]
Approved by:	ed (mentor)
2009-06-23 20:45:12 +00:00
rse
336f1ea816 correctly test for __GNUC__ macro (non-GCC compilers do not have it defined at all) 2009-06-01 11:02:09 +00:00