busybox/shell
Felix Fietkau b5b21126ca ash: improve / fix glob expansion
When using musl libc glob() a very long string can cause glob() to fail,
which leads to an out of memory error being raised by ash.

This can happen easily if a very long quoted string contains *, even
though no glob expansion should ever be performed on it (since it's
quoted).

Fix this by properly parsing control characters and escaping and only
accept unquoted metacharacters. While we're at it, unify this check for
libc and built-in glob expansion

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-31 21:58:55 +01:00
..
ash_test hush: fix a bug in argv restoration after sourcing a file 2017-01-09 08:13:21 +01:00
hush_test hush: fix a bug in argv restoration after sourcing a file 2017-01-09 08:13:21 +01:00
ash_doc.txt ash: fix TRACE commands 2009-03-19 23:09:58 +00:00
ash_ptr_hack.c *: make GNU licensing statement forms more regular 2010-08-16 20:14:46 +02:00
ash.c ash: improve / fix glob expansion 2017-01-31 21:58:55 +01:00
brace.txt hush: wait for cmd to complete, and immediately store its exitcode in $? 2009-11-15 19:58:19 +01:00
Config.src wget: add a big explanation what TLS code implements and what does not 2017-01-30 16:27:37 +01:00
cttyhack.c cttyhack: handle multiple consoles found in sysfs 2012-02-04 21:55:01 +01:00
hush_doc.txt
hush_leaktool.sh hush: fix "export not_yet_defined_var", fix parsing of "cmd | }" 2009-04-19 23:07:51 +00:00
hush.c *: add comment about APPLET_ODDNAME format 2017-01-29 14:57:33 +01:00
Kbuild.src Make it possible to select "sh" and "bash" aliases without selecting ash or hush 2016-12-23 16:56:43 +01:00
match.c shell/match.c: shrink by dropping double bool inversion 2010-09-12 15:06:42 +02:00
match.h hush: optimize #[#] and %[%] for speed. size -2 bytes. 2010-09-04 21:21:07 +02:00
math.c typo fix in comment 2014-11-20 01:43:30 +01:00
math.h Make it possible to select "sh" and "bash" aliases without selecting ash or hush 2016-12-23 16:56:43 +01:00
random.c ash,hush: fix a thinko about 2^64-1 factorization 2014-03-15 09:25:46 +01:00
random.h ash,hush: improve randomness of $RANDOM, add easy-ish way to test it 2014-03-13 12:52:43 +01:00
README update shell/README 2010-05-20 12:56:14 +02:00
README.job
shell_common.c libbb: consolidate the code to set termios unbuffered mode 2017-01-11 16:17:59 +01:00
shell_common.h ash: [VAR] Initialise OPTIND after importing environment 2016-09-30 14:46:41 +02:00

http://www.opengroup.org/onlinepubs/9699919799/
Open Group Base Specifications Issue 7


http://www.opengroup.org/onlinepubs/9699919799/utilities/V3_chap01.html
Shell & Utilities

It says that any of the standard utilities may be implemented
as a regular shell built-in. It gives a list of utilities which
are usually implemented that way (and some of them can only
be implemented as built-ins, like "alias"):

alias
bg
cd
command
false
fc
fg
getopts
jobs
kill
newgrp
pwd
read
true
umask
unalias
wait


http://www.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
Shell Command Language

It says that shell must implement special built-ins. Special built-ins
differ from regular ones by the fact that variable assignments
done on special builtin are *PRESERVED*. That is,

VAR=VAL special_builtin; echo $VAR

should print VAL.

(Another distinction is that an error in special built-in should
abort the shell, but this is not such a critical difference,
and moreover, at least bash's "set" does not follow this rule,
which is even codified in autoconf configure logic now...)

List of special builtins:

. file
: [argument...]
break [n]
continue [n]
eval [argument...]
exec [command [argument...]]
exit [n]
export name[=word]...
export -p
readonly name[=word]...
readonly -p
return [n]
set [-abCefhmnuvx] [-o option] [argument...]
set [+abCefhmnuvx] [+o option] [argument...]
set -- [argument...]
set -o
set +o
shift [n]
times
trap n [condition...]
trap [action condition...]
unset [-fv] name...

In practice, no one uses this obscure feature - none of these builtins
gives any special reasons to play such dirty tricks.

However. This section also says that *function invocation* should act
similar to special built-in. That is, variable assignments
done on function invocation should be preserved after function invocation.

This is significant: it is not unthinkable to want to run a function
with some variables set to special values. But because of the above,
it does not work: variable will "leak" out of the function.