On Alpine, some users use /dev/null as a home directory. When removing
such a user with `deluser --remove-home` this causes the /dev/null
device file to be removed which is undesirable. To prevent this pitfall,
check if the home directory specified for the user is an actual
directory (or a symlink to a directory).
Implementations of similar tools for other operating systems also
implement such checks. For instance, the OpenBSD rmuser(1)
implementation [0].
[0]: b69faa6c70/usr.sbin/adduser/rmuser.perl (L143-L151)
function old new delta
deluser_main 337 380 +43
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Commit d1b75e184 (httpd: permit non-default home directory with NOMMU
enabled) only works when used with the '-f' (foreground) option.
When '-f' isn't specified and NOMMU is enabled bb_daemonize_or_rexec()
is called to daemonize the server. Since the server process has been
re-execed the previous patch results in the xchdir() not being called.
Fix this by resetting the re_execed variable in this case.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Prior to the patch, both -f and --first-only are in all cases either
no-op or ignored.
Without --tabs, --first-only is the default so specifying it is a no-op.
With --tabs, --all is implied, and --first-only is intended to reset this.
function old new delta
expand_main 690 694 +4
Signed-off-by: Mark Edgar <medgar123@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Incorporated valid_domain_label into good_hostname to simplify the implementation.
function old new delta
static.xmalloc_optname_optval 973 958 -15
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-15) Total: -15 bytes
text data bss dec hex filename
993144 16915 1872 1011931 f70db busybox_old
993129 16915 1872 1011916 f70cc busybox_unstripped
Signed-off-by: Martin Lewis <martin.lewis.x84@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When ENABLE_FEATURE_WGET_OPENSSL is enabled, correctly implement TLS
verification by default. And only ignore verification errors, if
--no-check-certificate was passed.
Also note, that previously OPENSSL implementation did not implement
TLS verification, nor printed any warning messages that verification
was not performed.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1879533
CVE-2018-1000500
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
show_history() checks that its argument in non-null so there's
no need to repeat the test at call sites.
function old new delta
historycmd 25 17 -8
builtin_history 29 21 -8
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-16) Total: -16 bytes
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
mim runs scripts from a specification file which can be thought
of as an extremely limited Makefile. Neither make variables nor
dependencies are supported. By default the file 'Mimfile' is read.
An example:
hello:
echo hello $1
clean:
rm -rf *
The command 'mim' or 'mim hello' will echo 'hello'. Unlike 'make'
arguments after the first are available to the script; they don't
specify additional targets.
mim isn't enabled by default. Enabling it increases the size of the
binary by about 500 bytes.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Since commit 7eb8eecbb (ash: eval: Add assignment built-in support
again) building BusyBox with the 'command' built-in disabled fails.
parse_command_args() only needs to be called when the 'command'
built-in is run. Which it won't be if it's disabled.
v2: Avoiding infinite loops is good, too. Thanks, Harald van Dijk.
Reported-by: Deweloper <deweloper@wp.pl>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When BusyBox is compiled with NOMMU enabled running httpd with
the '-h' option fails even if the specified directory exists:
$ ls -d www
www
$ busybox httpd -fvvvp 8080 -h www
...
... try to access http://localhost:8080/www
...
httpd: can't change directory to 'www': No such file or directory
The parent process executes xchdir("www"). When a connection is accepted
it's handled by re-executing httpd in inetd mode. The child process
inherits the current directory "www" and tries to change directory again
to "www", which fails.
Omit the call to xchdir() when httpd is re-executed.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
From POSIX.1-2008:
The pattern_list's value shall consist of one or more patterns
separated by <newline> characters;
As such, given patterns need to be split at newline characters. Without
doing so, busybox grep will interpret the newline as part of the pattern
which is not in accordance with POSIX.
See also: https://bugs.busybox.net/show_bug.cgi?id=12721
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Grep currently special-cased empty pattern file to be the same as
pattern file with one empty line (empty pattern). That does mirror how
GNU grep behaves, except when -x is provided. In that case .* pattern
needs to be used instead.
Signed-off-by: Gray Wolf <wolf@wolfsden.cz>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Since commit 1ff7002b1 (xargs: fix handling of quoted arguments, closes
11441) the -n option hasn't worked properly:
$ echo 1 2 3 | xargs -n 1 echo
1
2
3
$
Because state is now remembered between calls to process_stdin() it's
necessary to update the state before any premature return.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
When using GNU Make >=4.3, the KBUILD_STR() definition interferes badly
with dependency checks during build, and forces a complete rebuild every
time Make runs.
In if_changed_rule, Kconfig checks if the command used to build a file
has changed since last execution. The previous command is stored in the
generated .<file>.o.cmd file. For example applets/.applets.o.cmd defines
a "cmd_applets/applets.o" variable:
cmd_applets/applets.o := gcc ... -D"KBUILD_STR(s)=#s" ...
Here the '#' should be escaped with a backslash, otherwise GNU Make
interprets it as starting a comment, and ignore the rest of the
variable. As a result of this truncation, the previous command doesn't
equal the new command and Make rebuilds each target.
The problem started to appear when GNU Make 4.3 (released January 2020),
introduced a backward-incompatible fix to macros containing a '#'. While
the above use of '#', a simple Make variable, still needs to be escaped,
a '#' within a function invocation doesn't need to be escaped anymore.
As Martin Dorey explained on the GNU Make discussion [1], the above
declaration is generated from make-cmd, defined as:
make-cmd = $(subst \#,\\\#,$(subst $$,$$$$,$(call escsq,$(cmd_$(1))))
Since GNU Make 4.3, the first argument of subst should not have a
backslash. make-cmd now looks for literally \# and doesn't find it, and
as a result doesn't add the backslash when generating .o.cmd files.
[1] http://savannah.gnu.org/bugs/?20513
We could fix it by changing make-cmd to "$(subst #,\#,...)", but to
avoid compatibility headaches, simply get rid of the KBUILD_STR
definition, as done in Linux by b42841b7bb62 ("kbuild: Get rid of
KBUILD_STR"). Quote the string arguments directly rather than asking the
preprocessor to quote them.
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The official Info-Zip unzip creates the dir if it doesn't exist.
Signed-off-by: Lauri Kasanen <cand@gmx.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Wed, 12 Sep 2018 14:27:16 +0800
expand: Fix multiple issues with EXP_DISCARD in evalvar
The commit 3cd538634f71538370f5af239f342aec48b7470b broke parameter
expansion in multiple ways because the EXP_DISCARD flag wasn't set
or tested for various cases:
$ src/dash -c 'var=; echo ${var:+nonempty}'
nonempty
$ src/dash -u -c 'unset foo bar; echo ${foo+${bar}}'
dash: 1: bar: parameter not set
$ src/dash -c 'foo=bar; echo ${foo=BUG}; echo $foo'
barBUG
bar
$
This patch fixes them by introducing a new discard variable that
tracks whether the extra word should be discarded or not when it
is parsed.
Reported-by: Martijn Dekker <martijn@inlv.org>
Fixes: 3cd538634f71 ("expand: Do not reprocess data when...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reported-by: Martijn Dekker <martijn@inlv.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream patch:
Date: Wed, 30 May 2018 02:06:03 +0800
expand: Do not reprocess data when expanding words
Currently various paths will reprocess data when performing word
expansion. For example, expari will skip backwards looking for
the start of the arithmetic expansion, while evalvar will skip
unexpanded words manually.
This is cumbersome and error-prone. This patch fixes this by
making word expansions proceed in a linear fashion. This means
changing argstr and the various expansion functions such as expari
and subevalvar to return the next character to be expanded.
This is inspired by similar code from FreeBSD. However, we take
things one step further and completely remove the manual word
skipping in evalvar. This is accomplished by introducing a new
EXP_DISCARD flag that tells argstr to only parse and not produce
any actual expansions.
Incidentally, argstr will now always NUL-terminate the expansion
unless the EXP_WORD flag is set. This is because all but one
caller of argstr wants the result to be NUL-termianted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Also includes two one-line follow-up fixes:
expand: Eat closing brace for length parameter
if (subtype == VSLENGTH) {
+ p++;
if (flag & EXP_DISCARD)
expand: Fix double-decrement in argstr
- newloc = expdest - (char *)stackblock() - end;
+ newloc = q - (char *)stackblock() - end;
and changes in code for bash substring extensions.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Following recent work on evalcommand() a TRACE statement to report
the status of a forked command was left in the wrong place.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sun, 11 Nov 2007 15:27:00 +0800
Expand here-documents in the current shell environment
Previously we always expanded here-documents in a subshell. This is
contrary to the POSIX specification and how other shells behave. What's
more this slows down many expansions due to the extra fork (however, it
must be said that it is possible for it speed up certain expansions by
running it simultaneously with the command on two CPUs).
This patch move the expansion into the current shell environment.
Test case:
unset a
cat <<- EOF > /dev/null
${a=NOT}
EOF
echo ${a}BAD
Old result:
BAD
New result:
NOTBAD
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Mon, 19 Nov 2018 18:43:58 +0800
parser: Do not push token back before parseheredoc
When we read the first token in list() we use peektoken instead
of readtoken as the following code needs to use the same token
again. However, this is wrong when we're in a here-document as
it will clobber the saved token without resetting the tokpushback
flag.
This patch fixes it by doing the tokpushback after parseheredoc
and setting lasttoken again if parseheredoc was called.
Reported-by: Ron Yorston <rmy@frippery.org>
Fixes: 7c245aa8ed33 ("[PARSER] Simplify EOF/newline handling in...")
Fixes: ee5cbe9fd6bc ("[SHELL] Optimize dash -c "command" to avoid a fork")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Simon Ser <contact@emersion.fr>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Fri, 29 Mar 2019 13:49:59 +0800
parser: Fix old-style command substitution here-document crash
... This is caused by the recent change to
save/restore here-docment list around command substitutions. In
doing so we must finish existing here-documents prior to restoring
the old here-document list. This is done for new-style command
substitutions but not for old-style.
This patch fixes it by doing it for both.
Fixes: 51e2d88d6e51 ("parser: Save/restore here-documents in...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Fri, 1 Jun 2018 18:25:29 +0800
expand: Ensure result is escaped in cvtnum
The minus sign generated from arithmetic expansion is currently
unquoted which causes anomalies when the result is used in where
the quoting matters.
This patch fixes it by explicitly calling memtodest on the result
in cvtnum.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Thu, 31 May 2018 01:51:48 +0800
memalloc: Avoid looping in growstackto
Currently growstackto will repeatedly call growstackblock until
the requisite size is obtained. This is wasteful. This patch
changes growstackblock to take a minimum size instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Fri, 14 Dec 2018 13:52:02 +0800
eval: Only restore exit status on exit/return
We unconditionally restore the saved status in exitreset, which
is incorrect as we only want to do it for exitcmd and returncmd.
This patch fixes the problem by introducing EXEND.
Reported-by: Martijn Dekker <martijn@inlv.org>
Fixes: da30b4b78769 ("[BUILTIN] Exit without arguments in a trap...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Fixes exitcode_trap4.tests.
Upstream commit:
Date: Mon, 6 Oct 2014 21:51:26 +0800
Return without arguments in a trap should use status outside traps
POSIX now requires that return without arguments in a trap should
return the last command status prior to executing traps. This
patch implements this behaviour.
Incidentally this also changes the behaviour of return without
arguments in a loop conditional to use the last exit status in
the body as opposed to the last command in the conditional when
there is one.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Since commit d81af7216 (ash: eval: Reap zombies after built-in commands
and functions) if the shell is compiled with SH_STANDALONE and SH_NOFORK
enabled nofork applets potentially return the incorrect status.
The status value returned by evalcommand() in this case is obtained from
exitstatus in a call to waitforjob(NULL). This overwrites the status
set for nonfork applets.
If this commit seems familiar it's essentially a reversion of commit
5ccb0e92fa (ash: return exit status of nofork applets). What was correct
in 2016 is wrong in 2020 and vice versa.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Mon, 28 May 2018 00:17:39 +0800
expand: Merge syntax/quotes in memtodest with flags
The function arguments syntax and quotes are both derived from
the expansion flags. As syntax is only used by memtodest we do
not need to maintain it outside of the function at all.
The only place that uses something other than BASESYNTAX or DQSYNTAX
is exptilde. However in that case DQSYNTAX has exactly the same
effect as SQSYNTAX.
This patch merges these two arguments into a single flags. The
macro QUOTES_KEEPNUL has been renamed to EXP_KEEPNUL in order
to keep the namespace separate.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Thu, 31 May 2018 01:15:34 +0800
eval: Always set localvar_stop
The variable localvar_stop is set iff vlocal is true. gcc doesn't
get this so we get a spurious warning.
This patch fixes this by always calling pushlocalvars with vlocal
and making it only actually do the push if vlocal is non-zero.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sat, 19 May 2018 02:39:55 +0800
eval: Replace with listsetvar with mklocal/setvareq
This patch replaces listsetvar with mklocal/setvareq. As we now
determine special built-in status prior to variable assignment, we
no longer have to do a second pass listsetvar. Instead we will
call setvareq directly instead of mklocal when necessary.
In order to do this mklocal can now take a flag in order to mark
a variable for export.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sat, 19 May 2018 02:39:54 +0800
eval: Fail immediately with redirections errors for simple command
Previously, dash would continue to perform variable expansions
even if a redirection error occured. This patch changes it so
that it fails immediately.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sat, 19 May 2018 02:39:52 +0800
eval: Add assignment built-in support again
This patch adds assignment built-in support that used to exist
in dash prior to 0.3.8-15. This is because it will soon be part
of POSIX, and the semantics are now much better defined.
Recognition is done at execution time, so even "command -- export"
or "var=export; command $var" should work.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sat, 19 May 2018 02:39:41 +0800
jobs: Only clear gotsigchld when waiting for everything
The gotsigchld flag is always cleared in dowait but not all callers
of dowait will wait for everything. In particular, when jp is set
we only wait until the set job isn't running anymore.
This patch fixes this by only clearing gotsigchld if jp is unset.
It also changes the waitcmd to actually set jp which corresponds
to the behaviour of bash/ksh93/mksh.
The only other caller of dowait that doesn't wait for everything
is the jobless reaper. This is in fact redundant now that we wait
after every simple command. This patch removes it.
Finally as every caller of dowait needs to wait until either the
given job is not running, or until all terminated jobs have been
processed, this patch moves the loop into dowait itself.
Fixes: 03876c0743a5 ("eval: Reap zombies after built-in...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream comment:
Date: Mon, 7 May 2018 00:40:34 +0800
jobs - Do not block when waiting on SIGCHLD
Because of the nature of SIGCHLD, the process may have already been
waited on and therefore we must be prepared for the case that wait
may block. So ensure that it doesn't by using WNOHANG.
Furthermore, multiple jobs may have exited when gotsigchld is set.
Therefore we need to wait until there are no zombies left.
Lastly, waitforjob needs to be called with interrupts off and
the original patch broke that.
Fixes: 03876c0743a5 ("eval: Reap zombies after built-in...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
While at it, removed INT_ON/OFF in waitforjob() - it must be called
from INT_OFF region anyway.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Mon, 26 Mar 2018 23:55:50 +0800
eval: Reap zombies after built-in commands and functions
Currently dash does not reap dead children after built-in commands
or functions. This means that if you construct a loop consisting
of solely built-in commands and functions, then zombies can hang
around indefinitely.
This patch fixes this by reaping when necessary after each built-in
command and function.
Reported-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sat, 19 May 2018 02:39:51 +0800
exec: Never rehash regular built-ins
As regular (including special) built-ins can never be overridden,
we should never remove them from the hash table.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream comment:
Date: Sat, 19 May 2018 02:39:50 +0800
exec: Stricter pathopt parsing
This patch changes the parsing of pathopt. First of all only
%builtin and %func (with arbitrary suffixes) will be recognised.
Any other pathopt will be treated as a normal directory.
Furthermore, pathopt can now be specified before the directory,
rather than after it. In fact, a future version may remove support
for pathopt suffixes.
Wherever the pathopt is placed, an optional % may be placed after
it to terminate the pathopt.
This is so that it is less likely that a genuine directory containing
a % sign is parsed as a pathopt.
Users of padvance outside of exec.c have also been modified:
1) cd(1) will always treat % characters as part of the path.
2) chkmail will continue to accept arbitrary pathopt.
3) find_dot_file will ignore the %builtin pathopt instead of trying
to do a stat in the accompanying directory (which is usually the
current directory).
The patch also removes the clearcmdentry optimisation where we
attempt to only partially flush the table where possible.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Upstream commit:
Date: Sat, 19 May 2018 02:39:48 +0800
exec: Do not allocate stack string in padvance
Many callers of padvance immediately free the allocated string
so this patch moves the stalloc call to the caller. Instead of
returning the allocated string, padvance now returns the length
to allocate (this may be longer than the actual string length,
even including the NUL). For the case where we would previously
return NULL, we now return -1.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>