From vda.linux at googlemail.com Tue Aug 2 09:18:11 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 11:18:11 +0200 Subject: [git commit] ash: fix ifs cleanup on error paths Message-ID: <20220802090449.84AA086CA7@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=1c5455284234e894dfb6086bf7f3e9a6d5d9611f branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Patch by Alex Gorinson function old new delta evalvar 477 495 +18 varvalue 603 618 +15 subevalvar 1557 1572 +15 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/0 up/down: 48/0) Total: 48 bytes Signed-off-by: Denys Vlasenko --- shell/ash.c | 2 ++ shell/ash_test/ash-heredoc/heredoc_and_cmd.right | 2 ++ shell/ash_test/ash-heredoc/heredoc_and_cmd.tests | 8 ++++++++ shell/hush_test/hush-heredoc/heredoc_and_cmd.right | 2 ++ shell/hush_test/hush-heredoc/heredoc_and_cmd.tests | 8 ++++++++ 5 files changed, 22 insertions(+) diff --git a/shell/ash.c b/shell/ash.c index d29de37b7..c731a333b 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -7028,6 +7028,7 @@ varunset(const char *end, const char *var, const char *umsg, int varflags) msg = umsg; } } + ifsfree(); ash_msg_and_raise_error("%.*s: %s%s", (int)(end - var - 1), var, msg, tail); } @@ -7453,6 +7454,7 @@ varvalue(char *name, int varflags, int flags, int quoted) if (discard) return -1; + ifsfree(); raise_error_syntax("bad substitution"); } diff --git a/shell/ash_test/ash-heredoc/heredoc_and_cmd.right b/shell/ash_test/ash-heredoc/heredoc_and_cmd.right new file mode 100644 index 000000000..25ae70561 --- /dev/null +++ b/shell/ash_test/ash-heredoc/heredoc_and_cmd.right @@ -0,0 +1,2 @@ +./heredoc_and_cmd.tests: line 4: D: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Y diff --git a/shell/ash_test/ash-heredoc/heredoc_and_cmd.tests b/shell/ash_test/ash-heredoc/heredoc_and_cmd.tests new file mode 100755 index 000000000..197542de7 --- /dev/null +++ b/shell/ash_test/ash-heredoc/heredoc_and_cmd.tests @@ -0,0 +1,8 @@ +# The bug was only happening with < References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14896 Denys Vlasenko changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from Denys Vlasenko --- Fixed in git -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Tue Aug 2 10:41:18 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 12:41:18 +0200 Subject: [git commit] ash: fix use-after-free in pattern substituon code Message-ID: <20220802121030.E5F5386CAF@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=daa66ed62c79684219088cc0361d5b316d5d1295 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Patch by soeren at soeren-tempel.net The idx variable points to a value in the stack string (as managed by STPUTC). STPUTC may resize this stack string via realloc(3). If this happens, the idx pointer needs to be updated. Otherwise, dereferencing idx may result in a use-after free. function old new delta subevalvar 1562 1566 +4 Signed-off-by: Denys Vlasenko --- shell/ash.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/shell/ash.c b/shell/ash.c index c731a333b..105edd4c8 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -7324,13 +7324,15 @@ subevalvar(char *start, char *str, int strloc, if (idx >= end) break; STPUTC(*idx, expdest); + if (stackblock() != restart_detect) + goto restart; if (quotes && (unsigned char)*idx == CTLESC) { idx++; len++; STPUTC(*idx, expdest); + if (stackblock() != restart_detect) + goto restart; } - if (stackblock() != restart_detect) - goto restart; idx++; len++; rmesc++; From vda.linux at googlemail.com Tue Aug 2 12:34:38 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 14:34:38 +0200 Subject: [git commit] ping: fix typo in --help text Message-ID: <20220802122059.B38A186CB5@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=9eddf164bf22a20e8033fad2dc35cde2d6bd2305 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Henrique Rodrigues Signed-off-by: Denys Vlasenko --- networking/ping.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/networking/ping.c b/networking/ping.c index 86d8088de..9805695a1 100644 --- a/networking/ping.c +++ b/networking/ping.c @@ -74,7 +74,7 @@ //usage: "\n -c CNT Send only CNT pings" //usage: "\n -s SIZE Send SIZE data bytes in packets (default 56)" //usage: "\n -i SECS Interval" -//usage: "\n -A Ping as soon as reply is recevied" +//usage: "\n -A Ping as soon as reply is received" //usage: "\n -t TTL Set TTL" //usage: "\n -I IFACE/IP Source interface or IP address" //usage: "\n -W SEC Seconds to wait for the first response (default 10)" @@ -91,7 +91,7 @@ //usage: "\n -c CNT Send only CNT pings" //usage: "\n -s SIZE Send SIZE data bytes in packets (default 56)" //usage: "\n -i SECS Interval" -//usage: "\n -A Ping as soon as reply is recevied" +//usage: "\n -A Ping as soon as reply is received" ///////: "\n -t TTL Set TTL" ///////^^^^^ -t not tested for IPv6, might be not working //usage: "\n -I IFACE/IP Source interface or IP address" From vda.linux at googlemail.com Tue Aug 2 13:05:12 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 15:05:12 +0200 Subject: [git commit] vi: add 'ZQ' quitting command Message-ID: <20220802125351.A132686CBB@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=3147552a230cfd4a4943a46f63e3313655acf566 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Busybox vi provides the 'ZZ' command to save and close the similar 'ZQ' command just exits without saving. function old new delta do_cmd 4222 4244 +22 Signed-off-by: Grob Grobmann Signed-off-by: Denys Vlasenko --- editors/vi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/editors/vi.c b/editors/vi.c index d799a8170..1f997e8e5 100644 --- a/editors/vi.c +++ b/editors/vi.c @@ -4324,8 +4324,14 @@ static void do_cmd(int c) goto dc_i; // start inserting break; case 'Z': // Z- if modified, {write}; exit - // ZZ means to save file (if necessary), then exit c1 = get_one_char(); + // ZQ means to exit without saving + if (c1 == 'Q') { + editing=0; + optind = cmdline_filecnt; + break; + } + // ZZ means to save file (if necessary), then exit if (c1 != 'Z') { indicate_error(); break; From vda.linux at googlemail.com Tue Aug 2 13:33:51 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 15:33:51 +0200 Subject: [git commit] udhcpc6: fix sending of renew messages Message-ID: <20220802132050.125B286CC1@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=75aaa8b3118d4a34b83ece4ec953b8448b19b519 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta d6_listen_socket - 150 +150 Signed-off-by: Denys Vlasenko --- networking/udhcp/d6_dhcpc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c index d4cdd0c3a..9666f0446 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c @@ -844,7 +844,7 @@ static NOINLINE int send_d6_renew(struct in6_addr *server_ipv6, struct in6_addr uint8_t *opt_ptr; /* Fill in: msg type, xid, ELAPSED_TIME */ - opt_ptr = init_d6_packet(&packet, DHCPREQUEST); + opt_ptr = init_d6_packet(&packet, D6_MSG_RENEW); /* server id */ opt_ptr = mempcpy(opt_ptr, client6_data.server_id, client6_data.server_id->len + 2+2); @@ -1083,7 +1083,7 @@ static void change_listen_mode(int new_mode) client_data.sockfd = -1; } if (new_mode == LISTEN_KERNEL) - client_data.sockfd = udhcp_listen_socket(/*INADDR_ANY,*/ CLIENT_PORT6, client_data.interface); + client_data.sockfd = d6_listen_socket(/*INADDR_ANY,*/ CLIENT_PORT6, client_data.interface); else if (new_mode != LISTEN_NONE) client_data.sockfd = d6_raw_socket(client_data.ifindex); /* else LISTEN_NONE: client_data.sockfd stays closed */ @@ -1489,6 +1489,7 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) if (opt & OPT_l) send_d6_info_request(); else /* send a broadcast renew request */ +//TODO: send_d6_renew uses D6_MSG_RENEW message, should we use D6_MSG_REBIND here instead? send_d6_renew(/*server_ipv6:*/ NULL, requested_ipv6); timeout = discover_timeout; packet_num++; From vda.linux at googlemail.com Tue Aug 2 16:27:41 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 18:27:41 +0200 Subject: [git commit] ash: fix use-after-free in bash pattern substitution Message-ID: <20220802161437.4375186CC0@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=7c2a3bdde0a1316771fdd07ff03413f00383f70e branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta subevalvar 1566 1564 -2 Signed-off-by: S??ren Tempel Signed-off-by: Denys Vlasenko --- shell/ash.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/shell/ash.c b/shell/ash.c index 105edd4c8..55c1034f5 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -7357,6 +7357,13 @@ subevalvar(char *start, char *str, int strloc, idx = loc; } + /* The STPUTC invocations above may resize and move the + * stack via realloc(3). Since repl is a pointer into the + * stack, we need to reconstruct it relative to stackblock(). + */ + if (slash_pos >= 0) + repl = (char *)stackblock() + strloc + slash_pos + 1; + //bb_error_msg("repl:'%s'", repl); for (loc = (char*)repl; *loc; loc++) { char *restart_detect = stackblock(); From vda.linux at googlemail.com Tue Aug 2 16:04:51 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 2 Aug 2022 18:04:51 +0200 Subject: [git commit] udhcpc6: downgrade "opening listen socket" log level to 2 Message-ID: <20220802161437.360FB86CCC@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=84b89b4c22ab7c8348d00e31d5319fad6e43defe branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master This matches udhcpc for IPv4. Signed-off-by: Denys Vlasenko --- networking/udhcp/d6_dhcpc.c | 2 +- networking/udhcp/d6_socket.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c index 9666f0446..c7f130a70 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c @@ -1083,7 +1083,7 @@ static void change_listen_mode(int new_mode) client_data.sockfd = -1; } if (new_mode == LISTEN_KERNEL) - client_data.sockfd = d6_listen_socket(/*INADDR_ANY,*/ CLIENT_PORT6, client_data.interface); + client_data.sockfd = d6_listen_socket(CLIENT_PORT6, client_data.interface); else if (new_mode != LISTEN_NONE) client_data.sockfd = d6_raw_socket(client_data.ifindex); /* else LISTEN_NONE: client_data.sockfd stays closed */ diff --git a/networking/udhcp/d6_socket.c b/networking/udhcp/d6_socket.c index 8ddee5a8e..21cf61c6e 100644 --- a/networking/udhcp/d6_socket.c +++ b/networking/udhcp/d6_socket.c @@ -110,7 +110,7 @@ int FAST_FUNC d6_listen_socket(int port, const char *inf) int fd; struct sockaddr_in6 addr; - log1("opening listen socket on *:%d %s", port, inf); + log2("opening listen socket on *:%d %s", port, inf); fd = xsocket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP); setsockopt_reuseaddr(fd); From bugzilla at busybox.net Sat Aug 6 13:19:50 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Sat, 06 Aug 2022 13:19:50 +0000 Subject: [Bug 14941] New: acpid: ignores events if input event numbering is not contiguous Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14941 Bug ID: 14941 Summary: acpid: ignores events if input event numbering is not contiguous Product: Busybox Version: 1.35.x Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Other Assignee: unassigned at busybox.net Reporter: spam at ipik.org CC: busybox-cvs at busybox.net Target Milestone: --- Have noticed a problem with busybox acpid input scan in /dev/input/event* All is fine as long as event numbering is contiguous, but if there is a "hole" in-between, acpid does not take inputs after the hole. Exemple below on Alpine 3.16 where fuser shows event0 and event1 are handled, but event3 is ignored (event2 missing), despite restarting acpid. $ service acpid status * status: started $ ls /dev/input/ event0 event1 event3 mice mouse0 $ pidof acpid 4530 $ fuser /dev/input/event3 $ fuser /dev/input/event0 4530 $ fuser /dev/input/event1 4530 $ service acpid restart * Stopping busybox acpid ... [ ok ] * Starting busybox acpid ... [ ok ] $ fuser /dev/input/event3 $ fuser /dev/input/event0 4613 This is quite annoying in situations where devices may come & go (like bluetooth keyboards, AVRCP,...), and therefore create such holes in event numbering. -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Tue Aug 9 14:30:22 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Tue, 09 Aug 2022 14:30:22 +0000 Subject: [Bug 14956] New: A use-after-free in busybox's bc applet Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 Bug ID: 14956 Summary: A use-after-free in busybox's bc applet Product: Busybox Version: 1.33.x Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Other Assignee: unassigned at busybox.net Reporter: xiechengliang1 at huawei.com CC: busybox-cvs at busybox.net Target Milestone: --- Created attachment 9356 --> https://bugs.busybox.net/attachment.cgi?id=9356&action=edit poc command ./busybox_unstripped bc text.txt bc 1.33.1 Adapted from https://github.com/gavinhoward/bc Original code (c) 2018 Gavin D. Howard and contributors ================================================================= ==556554==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000002e0 at pc 0x7f0419528d4d bp 0x7ffd18813e60 sp 0x7ffd18813608 READ of size 2 at 0x6030000002e0 thread T0 #0 0x7f0419528d4c (/lib/x86_64-linux-gnu/libasan.so.5+0x73d4c) #1 0x564f7483d148 in bc_error_at miscutils/bc.c:988 0x6030000002e0 is located 0 bytes inside of 32-byte region [0x6030000002e0,0x603000000300) freed by thread T0 here: #0 0x7f04195c2ffe in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dffe) #1 0x564f747fd10c in xrealloc libbb/xfuncs_printf.c:61 previously allocated by thread T0 here: #0 0x7f04195c2bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8) #1 0x564f747fd074 in xmalloc libbb/xfuncs_printf.c:50 SUMMARY: AddressSanitizer: heap-use-after-free (/lib/x86_64-linux-gnu/libasan.so.5+0x73d4c) Shadow bytes around the buggy address: 0x0c067fff8000: fa fa 00 00 07 fa fa fa 00 00 06 fa fa fa 00 00 0x0c067fff8010: 07 fa fa fa 00 00 00 fa fa fa 00 00 06 fa fa fa 0x0c067fff8020: 00 00 00 01 fa fa 00 00 00 02 fa fa 00 00 00 01 0x0c067fff8030: fa fa 00 00 07 fa fa fa 00 00 04 fa fa fa 00 00 0x0c067fff8040: 00 01 fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa =>0x0c067fff8050: 00 00 00 00 fa fa 00 00 00 00 fa fa[fd]fd fd fd 0x0c067fff8060: fa fa 00 00 00 00 fa fa fa fa fa fa fa fa fa fa 0x0c067fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==556554==ABORTING -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Tue Aug 9 14:49:59 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Tue, 09 Aug 2022 14:49:59 +0000 Subject: [Bug 14956] A use-after-free in busybox's bc applet In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 --- Comment #1 from xiechengliang --- Debug with gdb, print stack ========================================================================== Adapted from https://github.com/gavinhoward/bc Original code (c) 2018 Gavin D. Howard and contributors Breakpoint 1, bc_vec_grow (v=v at entry=0x69b160, n=n at entry=1) at miscutils/bc.c:1095 1095 { (gdb) bt #0 bc_vec_grow (v=v at entry=0x69b160, n=n at entry=1) at miscutils/bc.c:1095 #1 0x000000000040adf4 in bc_vec_npush (v=v at entry=0x69b160, n=n at entry=1, data=data at entry=0x7fffffffda9f) at miscutils/bc.c:1149 #2 0x000000000040ae2b in bc_vec_push (v=v at entry=0x69b160, data=data at entry=0x7fffffffda9f) at miscutils/bc.c:1157 #3 0x000000000040cfe2 in bc_vec_pushByte (data=94 '^', v=0x69b160) at miscutils/bc.c:1182 #4 xc_read_line (vec=vec at entry=0x69b160, fp=0x69f6b0) at miscutils/bc.c:2654 #5 0x000000000040d03f in peek_inbuf () at miscutils/bc.c:2893 #6 0x000000000040d0d2 in zxc_lex_number (last=52 '4') at miscutils/bc.c:2969 #7 0x000000000040d6be in zbc_lex_token () at miscutils/bc.c:3343 #8 zxc_lex_next () at miscutils/bc.c:3057 #9 0x000000000040e2c3 in zbc_parse_name (type=type at entry=0x7fffffffdbec, flags=flags at entry=2 '\002') at miscutils/bc.c:3961 #10 0x000000000040df58 in zbc_parse_expr (flags=flags at entry=2 '\002') at miscutils/bc.c:4908 #11 0x000000000040e5bf in zbc_parse_stmt_possibly_auto (auto_allowed=auto_allowed at entry=false) at miscutils/bc.c:4707 #12 0x000000000040ed83 in zbc_parse_stmt () at miscutils/bc.c:3818 #13 zbc_parse_stmt_or_funcdef () at miscutils/bc.c:4782 #14 zxc_vm_process (text=text at entry=0x497b06 "") at miscutils/bc.c:6959 #15 0x00000000004104de in zxc_vm_execute_FILE (fp=fp at entry=0x69f6b0, filename=filename at entry=0x7fffffffe586 "new_txt") at miscutils/bc.c:7060 #16 0x00000000004107e3 in zxc_vm_file (file=0x7fffffffe586 "new_txt") at miscutils/bc.c:7077 #17 zxc_vm_exec () at miscutils/bc.c:7347 #18 xc_vm_run () at miscutils/bc.c:7508 #19 bc_main (argc=, argv=) at miscutils/bc.c:7541 #20 0x000000000040784d in run_applet_no_and_exit (applet_no=applet_no at entry=10, name=name at entry=0x7fffffffe583 "bc", argv=argv at entry=0x7fffffffe1b0) at libbb/appletlib.c:1023 #21 0x0000000000407bd2 in run_applet_and_exit (name=0x7fffffffe583 "bc", argv=argv at entry=0x7fffffffe1b0) at libbb/appletlib.c:1046 #22 0x0000000000407b23 in busybox_main (argv=0x7fffffffe1b0) at libbb/appletlib.c:973 #23 run_applet_and_exit (name=, argv=argv at entry=0x7fffffffe1a8) at libbb/appletlib.c:1035 #24 0x0000000000407c62 in main (argc=, argv=0x7fffffffe1a8) at libbb/appletlib.c:1180 ===================================================================== In zxc_lex_next(): p->lex_next_at = p->lex_inbuf; then, zbc_len_token->...->bc_vec_grow will realloc lex_inbuf, The reallocation is done by either: a) expanding or contracting the existing area pointed to by ptr, if possible. The contents of the area remain unchanged up to the lesser of the new and old sizes. If the area is expanded, the contents of the new part of the array are undefined. b) allocating a new memory block of size new_size bytes, copying memory area with size equal the lesser of the new and the old sizes, and freeing the old block. In the b scenario, continuing to use lex_next_at leads to use-after-free. In in bc_error_at miscutils/bc.c:988 leads to use-after-free static ERRORFUNC int bc_error_at(const char *msg) { const char *err_at = G.prs.lex_next_at; if (err_at) { IF_ERROR_RETURN_POSSIBLE(return) bc_error_fmt( "%s at '%.*s'", msg, (int)(strchrnul(err_at, '\n') - err_at), err_at ); } ..... } -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Tue Aug 9 14:55:30 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Tue, 09 Aug 2022 14:55:30 +0000 Subject: [Bug 14956] A use-after-free in busybox's bc applet In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 --- Comment #2 from xiechengliang --- Possible fix: diff --git a/miscutils/bc.c b/miscutils/bc.c index ab785bbc8..44e55eeea 100644 --- a/miscutils/bc.c +++ b/miscutils/bc.c @@ -3048,16 +3048,16 @@ static BC_STATUS zxc_lex_next(void) if (peek_inbuf() == '\0') RETURN_STATUS(BC_STATUS_SUCCESS); } - p->lex_next_at = p->lex_inbuf; - dbg_lex("next string to parse:'%.*s'", - (int)(strchrnul(p->lex_next_at, '\n') - p->lex_next_at), - p->lex_next_at - ); if (IS_BC) { IF_BC(s = zbc_lex_token()); } else { IF_DC(s = zdc_lex_token()); } + p->lex_next_at = p->lex_inbuf; + dbg_lex("next string to parse:'%.*s'", + (int)(strchrnul(p->lex_next_at, '\n') - p->lex_next_at), + p->lex_next_at + ); } while (!s && p->lex == XC_LEX_WHITESPACE); dbg_lex("p->lex from string:%d", p->lex); -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Fri Aug 12 02:14:54 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Fri, 12 Aug 2022 02:14:54 +0000 Subject: [Bug 14961] New: nslookup prints one of A or AAAA records based on which was received first Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14961 Bug ID: 14961 Summary: nslookup prints one of A or AAAA records based on which was received first Product: Busybox Version: 1.34.x Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Networking Assignee: unassigned at busybox.net Reporter: brandon.adams at me.com CC: busybox-cvs at busybox.net Target Milestone: --- While troubleshooting some DNS issues I found that the nslookup utility would sometimes return only a set of IPv6 addresses. This behavior was inconsistent. Sometimes only IPv6 addresses would be printed, sometimes only IPv4, Being unfamiliar with Busybox, I pulled up the nslookup man page and saw that the default behavior was to lookup "A and then AAAA." Based on that I thought that perhaps our DNS server was misbehaving and sporadically returning NXDOMAIN, or timing out, so fired up tcpdump to see what was happening. Here's an example dump where nslookup printed just the AAAA record: ------------ 01:20:48.401951 IP 10.4.36.53.40450 > 172.20.0.10.domain: 18432+ A? purple.com. (28) 01:20:48.401997 IP 10.4.36.53.40450 > 10.4.59.5.domain: 18432+ A? purple.com. (28) 01:20:48.402026 IP 10.4.36.53.40450 > 172.20.0.10.domain: 18432+ AAAA? purple.com. (28) 01:20:48.402037 IP 10.4.36.53.40450 > 10.4.59.5.domain: 18432+ AAAA? purple.com. (28) 01:20:48.402465 IP 10.4.59.5.domain > 10.4.36.53.40450: 18432 2/0/0 AAAA 2606:4700::6812:1dca, AAAA 2606:4700::6812:1cca (104) 01:20:48.402482 IP 172.20.0.10.domain > 10.4.36.53.40450: 18432 2/0/0 AAAA 2606:4700::6812:1dca, AAAA 2606:4700::6812:1cca (104) 01:20:48.404806 IP 10.4.59.5.domain > 10.4.36.53.40450: 18432 2/0/0 A 104.18.29.202, A 104.18.28.202 (80) 01:20:48.404827 IP 172.20.0.10.domain > 10.4.36.53.40450: 18432 2/0/0 A 104.18.29.202, A 104.18.28.202 (80) ------------ You can see that on the Busybox side, 10.4.36.53, we send an A and then an AAAA query over the same socket. The resolver returns the AAAA record first, or at least, we receive it first -- UDP makes no ordering guarantees. When nslookup prints just A records I observe that the A record is returned first. This reproduces easily for me. I first observed it Busybox 1.33.1 in a Kubernetes environment. I also reproduced it on Docker Desktop on an M1 Mac using the latest Busybox image, 1.34.1. I can see this behavior was also observed in this bug: https://bugs.busybox.net/show_bug.cgi?id=11161#c4 -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Fri Aug 12 07:34:38 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Fri, 12 Aug 2022 07:34:38 +0000 Subject: [Bug 14956] A use-after-free in busybox's bc applet In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 xiechengliang changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |major -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Sun Aug 14 20:58:58 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Sun, 14 Aug 2022 20:58:58 +0000 Subject: [Bug 14966] New: CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL not supported by init Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14966 Bug ID: 14966 Summary: CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL not supported by init Product: Busybox Version: 1.34.x Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Other Assignee: unassigned at busybox.net Reporter: df7729 at gmail.com CC: busybox-cvs at busybox.net Target Milestone: --- Trying to use the power button to shutdown the system doesn't work with busybox when the tiny power button module is in use. Busybox doesn't handle: CONFIG_ACPI_TINY_POWER_BUTTON_SIGNAL Please add. -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Thu Aug 18 14:23:37 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Thu, 18 Aug 2022 14:23:37 +0000 Subject: [Bug 14956] A use-after-free in busybox's bc applet In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 --- Comment #3 from Denys Vlasenko --- I can't reproduce it. Does this fix work for you? --- a/miscutils/bc.c +++ b/miscutils/bc.c @@ -2892,6 +2892,8 @@ static char peek_inbuf(void) ) { xc_read_line(&G.input_buffer, G.prs.lex_input_fp); G.prs.lex_inbuf = G.input_buffer.v; + /* lex_next_at may point to now-freed data, update it */ + G.prs.lex_next_at = G.prs.lex_inbuf; if (G.input_buffer.len <= 1) // on EOF, len is 1 (NUL byte) G.prs.lex_input_fp = NULL; } -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Thu Aug 18 14:23:55 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 18 Aug 2022 16:23:55 +0200 Subject: [git commit] bc: hopefully fix bug 14956 (use-after-free) Message-ID: <20220818141100.374B3879AD@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=41d5f800a14769704082f7faeabb8435285499be branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- miscutils/bc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/miscutils/bc.c b/miscutils/bc.c index ab785bbc8..1300a63fb 100644 --- a/miscutils/bc.c +++ b/miscutils/bc.c @@ -2892,6 +2892,8 @@ static char peek_inbuf(void) ) { xc_read_line(&G.input_buffer, G.prs.lex_input_fp); G.prs.lex_inbuf = G.input_buffer.v; + // lex_next_at may point to now-freed data, update it: + G.prs.lex_next_at = G.prs.lex_inbuf; if (G.input_buffer.len <= 1) // on EOF, len is 1 (NUL byte) G.prs.lex_input_fp = NULL; } From bugzilla at busybox.net Thu Aug 18 20:54:52 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Thu, 18 Aug 2022 20:54:52 +0000 Subject: [Bug 14941] acpid: ignores events if input event numbering is not contiguous In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14941 --- Comment #1 from macmpi --- Looking quickly at code lines 316-320, it seems one while/break may abusively escape monitoring some events in cases where /dev/input/events are not contiguous. Thoughts? -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Mon Aug 22 12:05:01 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Mon, 22 Aug 2022 14:05:01 +0200 Subject: [git commit] libbb: make '--help' handling more consistent Message-ID: <20220822115214.E271C87A8B@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=5a9d2b6e024e6c20d4d7b8c170985554c0df043d branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Running an applet with '--help' as its only argument is treated as a special case. If additional arguments follow '--help' the behaviour is inconsistent: - applets which call single_argv() print help and do nothing else; - applets which call getopt() report "unrecognized option '--help'" and print help anyway; - expr says "expr: syntax error" and doesn't print help; - printenv silently ignores '--help', prints any other variables and doesn't print help; - realpath says "--help: No such file or directory", prints the path of any other files and doesn't print help. If the first argument is '--help' ignore any other arguments and print help. This is more consistent and most likely what the user wanted. See also commit 6bdfbc4cb (libbb: fix '--help' handling in FEATURE_SH_NOFORK=y). function old new delta show_usage_if_dash_dash_help 75 69 -6 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-6) Total: -6 bytes Signed-off-by: Ron Yorston Signed-off-by: Denys Vlasenko --- libbb/appletlib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libbb/appletlib.c b/libbb/appletlib.c index d8ab2a450..9b9d7dbd6 100644 --- a/libbb/appletlib.c +++ b/libbb/appletlib.c @@ -258,7 +258,6 @@ void lbb_prepare(const char *applet /* Redundant for busybox (run_applet_and_exit covers that case) * but needed for "individual applet" mode */ if (argv[1] - && !argv[2] && strcmp(argv[1], "--help") == 0 && !is_prefixed_with(applet, "busybox") ) { @@ -940,8 +939,8 @@ void FAST_FUNC show_usage_if_dash_dash_help(int applet_no, char **argv) && applet_no != APPLET_NO_echo # endif ) { - if (argv[1] && !argv[2] && strcmp(argv[1], "--help") == 0) { - /* Make "foo --help" exit with 0: */ + if (argv[1] && strcmp(argv[1], "--help") == 0) { + /* Make "foo --help [...]" exit with 0: */ xfunc_error_retval = 0; bb_show_usage(); } From vda.linux at googlemail.com Mon Aug 22 13:40:47 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Mon, 22 Aug 2022 15:40:47 +0200 Subject: [git commit] xxd -r: without -p, stop at more than one whitespace, closes 14786 Message-ID: <20220822132725.D025B87A90@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=f318adaaab3288fe72cb853bf7ede56790a13182 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta xxd_main 888 1076 +188 Signed-off-by: Denys Vlasenko --- testsuite/xxd.tests | 9 ++++++++ util-linux/hexdump_xxd.c | 56 +++++++++++++++++++++++++++++++++--------------- 2 files changed, 48 insertions(+), 17 deletions(-) diff --git a/testsuite/xxd.tests b/testsuite/xxd.tests index 76fa96af9..359e7f8f7 100755 --- a/testsuite/xxd.tests +++ b/testsuite/xxd.tests @@ -37,4 +37,13 @@ testing 'xxd -p -r' \ '' \ '30313233343536373736353433323130 30313233343536373736353433323130' +testing 'xxd -r skips leading whitespace and truncates at two spaces' \ + 'xxd -r' \ + '0123456789:;<=>?@' \ + '' \ +"\ + 00000000: 3031 3233 3435 3637 3839 3a3b 3c3d 3e3f 0123456789:;<=>? + 00000010: 40 @ +" + exit $FAILCOUNT diff --git a/util-linux/hexdump_xxd.c b/util-linux/hexdump_xxd.c index 4372ac770..dbda34bc5 100644 --- a/util-linux/hexdump_xxd.c +++ b/util-linux/hexdump_xxd.c @@ -76,12 +76,14 @@ static void reverse(unsigned opt, const char *filename) fp = filename ? xfopen_for_read(filename) : stdin; + get_new_line: while ((buf = xmalloc_fgetline(fp)) != NULL) { char *p; p = buf; if (!(opt & OPT_p)) { - /* skip address */ + skip_address: + p = skip_whitespace(p); while (isxdigit(*p)) p++; /* NB: for xxd -r, first hex portion is address even without colon */ /* If it's there, skip it: */ @@ -94,36 +96,45 @@ static void reverse(unsigned opt, const char *filename) /* Process hex bytes optionally separated by whitespace */ for (;;) { uint8_t val, c; + int badchar = 0; nibble1: - p = skip_whitespace(p); - + if (opt & OPT_p) + p = skip_whitespace(p); c = *p++; if (isdigit(c)) val = c - '0'; else if ((c|0x20) >= 'a' && (c|0x20) <= 'f') val = (c|0x20) - ('a' - 10); else { - /* xxd V1.10 is inconsistent here. + /* xxd V1.10 allows one non-hexnum char: * echo -e "31 !3 0a 0a" | xxd -r -p * is "10" (no ) - "!" is ignored, - * but + * but stops for more than one: * echo -e "31 !!343434\n30 0a" | xxd -r -p * is "10" - "!!" drops rest of the line. - * We will ignore all invalid chars: + * Note: this also covers whitespace chars: + * xxxxxxxx: 3031 3233 3435 3637 3839 3a3b 3c3d 3e3f 0123456789:;<=>? + * detects this ^ - skips this one space + * xxxxxxxx: 3031 3233 3435 3637 3839 3a3b 3c3d 3e3f 0123456789:;<=>? + * detects this ^^ - skips the rest */ - if (c != '\0') - goto nibble1; - break; + if (c == '\0' || badchar) + break; + badchar++; + goto nibble1; } val <<= 4; - /* Works the same with xxd V1.10: - * echo "31 09 32 0a" | xxd -r -p - * echo "31 0 9 32 0a" | xxd -r -p - * thus allow whitespace even within the byte: - */ nibble2: - p = skip_whitespace(p); + if (opt & OPT_p) { + /* Works the same with xxd V1.10: + * echo "31 09 32 0a" | xxd -r -p + * echo "31 0 9 32 0a" | xxd -r -p + * thus allow whitespace (even multiple chars) + * after byte's 1st char: + */ + p = skip_whitespace(p); + } c = *p++; if (isdigit(c)) @@ -132,7 +143,16 @@ static void reverse(unsigned opt, const char *filename) val |= (c|0x20) - ('a' - 10); else { if (c != '\0') { - /* "...3..." ignores both chars */ + /* "...3...": ignore "3", + * skip everything up to next hexchar or newline: + */ + while (!isxdigit(*p)) { + if (*p == '\0') { + free(buf); + goto get_new_line; + } + p++; + } goto nibble1; } /* Nibbles can join even through newline: @@ -143,10 +163,12 @@ static void reverse(unsigned opt, const char *filename) p = buf = xmalloc_fgetline(fp); if (!buf) break; + if (!(opt & OPT_p)) /* -p and !-p: different behavior */ + goto skip_address; goto nibble2; } putchar(val); - } + } /* for(;;) */ free(buf); } //fclose(fp); From vda.linux at googlemail.com Mon Aug 22 13:57:57 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Mon, 22 Aug 2022 15:57:57 +0200 Subject: [git commit] xxd: add two more testcases Message-ID: <20220822134326.1230687A95@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=0011a6bc2024ec4ee6d8edea203524e758d67833 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- testsuite/xxd.tests | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/testsuite/xxd.tests b/testsuite/xxd.tests index 359e7f8f7..2c740abc8 100755 --- a/testsuite/xxd.tests +++ b/testsuite/xxd.tests @@ -40,10 +40,24 @@ testing 'xxd -p -r' \ testing 'xxd -r skips leading whitespace and truncates at two spaces' \ 'xxd -r' \ '0123456789:;<=>?@' \ - '' \ -"\ + '' "\ 00000000: 3031 3233 3435 3637 3839 3a3b 3c3d 3e3f 0123456789:;<=>? 00000010: 40 @ " +testing 'xxd -p -r skips one bad char, truncates at two bad chars' \ + 'xxd -p -r' \ + '01' \ + '' "\ +30 !31 !!32 +" + +testing 'xxd -p -r ignores the nibble with 2nd char bad' \ + 'xxd -p -r' \ + '3C6' \ + '' "\ +33 3!4 3!!5 +36 +" + exit $FAILCOUNT From vda.linux at googlemail.com Mon Aug 22 15:28:43 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Mon, 22 Aug 2022 17:28:43 +0200 Subject: [git commit] xxd -r: handle offsets Message-ID: <20220822151501.AA67A87AB2@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=5eceafb1f812ec4dca7fdf6896cfcea6783a78b9 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta xxd_main 1076 1439 +363 .rodata 105239 105251 +12 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 375/0) Total: 375 bytes Signed-off-by: Denys Vlasenko --- util-linux/hexdump_xxd.c | 58 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/util-linux/hexdump_xxd.c b/util-linux/hexdump_xxd.c index dbda34bc5..6629407de 100644 --- a/util-linux/hexdump_xxd.c +++ b/util-linux/hexdump_xxd.c @@ -55,6 +55,7 @@ //usage: "\n -r Reverse (with -p, assumes no offsets in input)" #include "libbb.h" +#include "common_bufsiz.h" #include "dump.h" /* This is a NOEXEC applet. Be very careful! */ @@ -69,10 +70,32 @@ #define OPT_c (1 << 7) #define OPT_o (1 << 8) -static void reverse(unsigned opt, const char *filename) +#define fillbuf bb_common_bufsiz1 + +static void write_zeros(off_t count) +{ + errno = 0; + do { + unsigned sz = count < COMMON_BUFSIZE ? (unsigned)count : COMMON_BUFSIZE; + if (fwrite(fillbuf, 1, sz, stdout) != sz) + bb_perror_msg_and_die("write error"); + count -= sz; + } while (count != 0); +} + +static void reverse(unsigned opt, const char *filename, char *opt_s) { FILE *fp; char *buf; + off_t cur, opt_s_ofs; + + memset(fillbuf, 0, COMMON_BUFSIZE); + opt_s_ofs = cur = 0; + if (opt_s) { + opt_s_ofs = BB_STRTOOFF(opt_s, NULL, 0); + if (errno || opt_s_ofs < 0) + bb_error_msg_and_die("invalid number '%s'", opt_s); + } fp = filename ? xfopen_for_read(filename) : stdin; @@ -82,15 +105,31 @@ static void reverse(unsigned opt, const char *filename) p = buf; if (!(opt & OPT_p)) { + char *end; + off_t ofs; skip_address: p = skip_whitespace(p); - while (isxdigit(*p)) p++; + ofs = BB_STRTOOFF(p, &end, 16); + if ((errno && errno != EINVAL) + || ofs < 0 + /* -s SEEK value should be added before seeking */ + || (ofs += opt_s_ofs) < 0 + ) { + bb_error_msg_and_die("invalid number '%s'", p); + } + if (ofs != cur) { + if (fseeko(stdout, ofs, SEEK_SET) != 0) { + if (ofs < cur) + bb_perror_msg_and_die("cannot seek"); + write_zeros(ofs - cur); + } + cur = ofs; + } + p = end; /* NB: for xxd -r, first hex portion is address even without colon */ - /* If it's there, skip it: */ - if (*p == ':') p++; - -//TODO: seek (or zero-pad if unseekable) to the address position -//NOTE: -s SEEK value should be added to the address before seeking + /* But if colon is there, skip it: */ + if (*p == ':') + p++; } /* Process hex bytes optionally separated by whitespace */ @@ -168,6 +207,7 @@ static void reverse(unsigned opt, const char *filename) goto nibble2; } putchar(val); + cur++; } /* for(;;) */ free(buf); } @@ -195,6 +235,8 @@ int xxd_main(int argc UNUSED_PARAM, char **argv) unsigned opt; int r; + setup_common_bufsiz(); + dumper = alloc_dumper(); opt = getopt32(argv, "^" "l:s:apirg:+c:+o:" "\0" "?1" /* 1 argument max */, @@ -222,7 +264,7 @@ int xxd_main(int argc UNUSED_PARAM, char **argv) } if (opt & OPT_r) { - reverse(opt, argv[0]); + reverse(opt, argv[0], opt_s); } if (opt & OPT_o) { From bugzilla at busybox.net Mon Aug 22 17:31:06 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Mon, 22 Aug 2022 17:31:06 +0000 Subject: [Bug 14786] `xxd -r` introduces spurious bytes In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14786 Denys Vlasenko changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Denys Vlasenko --- Fixed in git -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Fri Aug 26 12:41:42 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Fri, 26 Aug 2022 14:41:42 +0200 Subject: [git commit] tree: make it unicode-aware Message-ID: <20220826124034.D1D7187DA2@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=b30d345cfd995f111797f3377a3caaa263616081 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta tree_print 396 420 +24 .rodata 105251 105266 +15 tree_main 86 91 +5 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/0 up/down: 44/0) Total: 44 bytes Signed-off-by: Denys Vlasenko --- miscutils/tree.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/miscutils/tree.c b/miscutils/tree.c index 8b16c5383..10e5481c4 100644 --- a/miscutils/tree.c +++ b/miscutils/tree.c @@ -19,6 +19,7 @@ #include "libbb.h" #include "common_bufsiz.h" +#include "unicode.h" #define prefix_buf bb_common_bufsiz1 @@ -26,6 +27,17 @@ static void tree_print(unsigned count[2], const char* directory_name, char* pref { struct dirent **entries; int index, size; + const char *bar = "| "; + const char *mid = "|-- "; + const char *end = "`-- "; + +#if ENABLE_UNICODE_SUPPORT + if (unicode_status == UNICODE_ON) { + bar = "??????? "; + mid = "????????? "; + end = "????????? "; + } +#endif // read directory entries size = scandir(directory_name, &entries, NULL, alphasort); @@ -55,9 +67,9 @@ static void tree_print(unsigned count[2], const char* directory_name, char* pref status = lstat(dirent->d_name, &statBuf); if (index == size) { - strcpy(prefix_pos, "????????? "); + strcpy(prefix_pos, end); } else { - strcpy(prefix_pos, "????????? "); + strcpy(prefix_pos, mid); } fputs_stdout(prefix_buf); @@ -75,7 +87,7 @@ static void tree_print(unsigned count[2], const char* directory_name, char* pref if (index == size) { pos = stpcpy(prefix_pos, " "); } else { - pos = stpcpy(prefix_pos, "??????? "); + pos = stpcpy(prefix_pos, bar); } tree_print(count, dirent->d_name, pos); count[0]++; @@ -103,6 +115,7 @@ int tree_main(int argc UNUSED_PARAM, char **argv) unsigned count[2] = { 0, 0 }; setup_common_bufsiz(); + init_unicode(); if (!argv[1]) *argv-- = (char*)"."; From vda.linux at googlemail.com Fri Aug 26 12:54:45 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Fri, 26 Aug 2022 14:54:45 +0200 Subject: [git commit] tree: unicode tweak (use normal space char, 0x20) Message-ID: <20220826124034.DB90787DA3@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=1a1220a5b05ca7fd86fde22c4a8bb9692a06670e branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- miscutils/tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/miscutils/tree.c b/miscutils/tree.c index 10e5481c4..fa55696c6 100644 --- a/miscutils/tree.c +++ b/miscutils/tree.c @@ -33,7 +33,7 @@ static void tree_print(unsigned count[2], const char* directory_name, char* pref #if ENABLE_UNICODE_SUPPORT if (unicode_status == UNICODE_ON) { - bar = "??????? "; + bar = "??? "; mid = "????????? "; end = "????????? "; } From vda.linux at googlemail.com Fri Aug 26 15:09:47 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Fri, 26 Aug 2022 17:09:47 +0200 Subject: [git commit] devmem: add 128-bit width Message-ID: <20220826150809.05E0E87DA6@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=d432049f288c9acdc4a7caa729c68ceba3c5dca1 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Add 128-bit width if the compiler provides the needed type. function old new delta devmem_main 405 464 +59 .rodata 109025 109043 +18 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 77/0) Total: 77 bytes Signed-off-by: Aaro Koskinen Signed-off-by: Aaro Koskinen Signed-off-by: Denys Vlasenko --- miscutils/devmem.c | 68 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/miscutils/devmem.c b/miscutils/devmem.c index f9f0276bc..f21621bd6 100644 --- a/miscutils/devmem.c +++ b/miscutils/devmem.c @@ -29,7 +29,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) { void *map_base, *virt_addr; uint64_t read_result; - uint64_t writeval = writeval; /* for compiler */ off_t target; unsigned page_size, mapped_size, offset_in_page; int fd; @@ -64,9 +63,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) width = strchrnul(bhwl, (argv[2][0] | 0x20)) - bhwl; width = sizes[width]; } - /* VALUE */ - if (argv[3]) - writeval = bb_strtoull(argv[3], NULL, 0); } else { /* argv[2] == NULL */ /* make argv[3] to be a valid thing to fetch */ argv--; @@ -96,28 +92,46 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) virt_addr = (char*)map_base + offset_in_page; if (!argv[3]) { - switch (width) { - case 8: - read_result = *(volatile uint8_t*)virt_addr; - break; - case 16: - read_result = *(volatile uint16_t*)virt_addr; - break; - case 32: - read_result = *(volatile uint32_t*)virt_addr; - break; - case 64: - read_result = *(volatile uint64_t*)virt_addr; - break; - default: - bb_simple_error_msg_and_die("bad width"); +#ifdef __SIZEOF_INT128__ + if (width == 128) { + unsigned __int128 rd = + *(volatile unsigned __int128 *)virt_addr; + printf("0x%016llX%016llX\n", + (unsigned long long)(uint64_t)(rd >> 64), + (unsigned long long)(uint64_t)rd + ); + } else +#endif + { + switch (width) { + case 8: + read_result = *(volatile uint8_t*)virt_addr; + break; + case 16: + read_result = *(volatile uint16_t*)virt_addr; + break; + case 32: + read_result = *(volatile uint32_t*)virt_addr; + break; + case 64: + read_result = *(volatile uint64_t*)virt_addr; + break; + default: + bb_simple_error_msg_and_die("bad width"); + } +// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", +// target, virt_addr, +// (unsigned long long)read_result); + /* Zero-padded output shows the width of access just done */ + printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); } -// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", -// target, virt_addr, -// (unsigned long long)read_result); - /* Zero-padded output shows the width of access just done */ - printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); } else { + /* parse VALUE */ +#ifdef __SIZEOF_INT128__ + unsigned __int128 writeval = strtoumax(argv[3], NULL, 0); +#else + uint64_t writeval = bb_strtoull(argv[3], NULL, 0); +#endif switch (width) { case 8: *(volatile uint8_t*)virt_addr = writeval; @@ -135,6 +149,12 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) *(volatile uint64_t*)virt_addr = writeval; // read_result = *(volatile uint64_t*)virt_addr; break; +#ifdef __SIZEOF_INT128__ + case 128: + *(volatile unsigned __int128 *)virt_addr = writeval; +// read_result = *(volatile uint64_t*)virt_addr; + break; +#endif default: bb_simple_error_msg_and_die("bad width"); } From bugzilla at busybox.net Sat Aug 27 01:42:12 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Sat, 27 Aug 2022 01:42:12 +0000 Subject: [Bug 14956] A use-after-free in busybox's bc applet In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 --- Comment #4 from xiechengliang --- yes, fix it -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Sat Aug 27 17:56:21 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Sat, 27 Aug 2022 19:56:21 +0200 Subject: [git commit] ash: optional sleep builtin Message-ID: <20220827174202.6258187E2B@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=58598eb7093561d914a6254697e137b815f1fdfc branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta sleepcmd - 10 +10 builtintab 352 360 +8 .rodata 105264 105271 +7 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 2/0 up/down: 25/0) Total: 25 bytes Signed-off-by: Shawn Landden Signed-off-by: Denys Vlasenko --- coreutils/sleep.c | 1 + include/libbb.h | 1 + libbb/duration.c | 6 ++++++ shell/ash.c | 11 +++++++++++ 4 files changed, 19 insertions(+) diff --git a/coreutils/sleep.c b/coreutils/sleep.c index 2658e84df..442841210 100644 --- a/coreutils/sleep.c +++ b/coreutils/sleep.c @@ -37,6 +37,7 @@ //applet:IF_SLEEP(APPLET(sleep, BB_DIR_BIN, BB_SUID_DROP)) //kbuild:lib-$(CONFIG_SLEEP) += sleep.o +//kbuild:lib-$(CONFIG_ASH_SLEEP) += sleep.o /* BB_AUDIT SUSv3 compliant */ /* BB_AUDIT GNU issues -- fancy version matches except args must be ints. */ diff --git a/include/libbb.h b/include/libbb.h index abbc9ac59..19ed9ec09 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -1510,6 +1510,7 @@ int ash_main(int argc, char** argv) IF_SHELL_ASH(MAIN_EXTERNALLY_VISIBLE); int hush_main(int argc, char** argv) IF_SHELL_HUSH(MAIN_EXTERNALLY_VISIBLE); /* If shell needs them, they exist even if not enabled as applets */ int echo_main(int argc, char** argv) IF_ECHO(MAIN_EXTERNALLY_VISIBLE); +int sleep_main(int argc, char **argv) IF_SLEEP(MAIN_EXTERNALLY_VISIBLE); int printf_main(int argc, char **argv) IF_PRINTF(MAIN_EXTERNALLY_VISIBLE); int test_main(int argc, char **argv) #if ENABLE_TEST || ENABLE_TEST1 || ENABLE_TEST2 diff --git a/libbb/duration.c b/libbb/duration.c index a6a29ddae..793d02f42 100644 --- a/libbb/duration.c +++ b/libbb/duration.c @@ -76,6 +76,12 @@ void FAST_FUNC sleep_for_duration(duration_t duration) ts.tv_sec = duration; ts.tv_nsec = (duration - ts.tv_sec) * 1000000000; } + /* NB: if ENABLE_ASH_SLEEP, we end up here if "sleep N" + * is run in ash. ^C will still work, because ash's signal handler + * does not return (it longjumps), the below loop + * will not continue looping. + * (This wouldn't work in hush) + */ do { errno = 0; nanosleep(&ts, &ts); diff --git a/shell/ash.c b/shell/ash.c index 55c1034f5..326f8b2a9 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -134,6 +134,11 @@ //config: default y //config: depends on SHELL_ASH //config: +//config:config ASH_SLEEP +//config: bool "sleep builtin" +//config: default y +//config: depends on SHELL_ASH +//config: //config:config ASH_HELP //config: bool "help builtin" //config: default y @@ -10155,6 +10160,9 @@ static int FAST_FUNC printfcmd(int argc, char **argv) { return printf_main(argc, #if ENABLE_ASH_TEST || BASH_TEST2 static int FAST_FUNC testcmd(int argc, char **argv) { return test_main(argc, argv); } #endif +#if ENABLE_ASH_SLEEP +static int FAST_FUNC sleepcmd(int argc, char **argv) { return sleep_main(argc, argv); } +#endif /* Keep these in proper order since it is searched via bsearch() */ static const struct builtincmd builtintab[] = { @@ -10217,6 +10225,9 @@ static const struct builtincmd builtintab[] = { { BUILTIN_SPEC_REG "return" , returncmd }, { BUILTIN_SPEC_REG "set" , setcmd }, { BUILTIN_SPEC_REG "shift" , shiftcmd }, +#if ENABLE_ASH_SLEEP + { BUILTIN_REGULAR "sleep" , sleepcmd }, +#endif #if BASH_SOURCE { BUILTIN_SPEC_REG "source" , dotcmd }, #endif From vda.linux at googlemail.com Tue Aug 30 14:41:17 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 30 Aug 2022 16:41:17 +0200 Subject: [git commit] *: style fix Message-ID: <20220830142625.0507A8804E@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=fe73c8d55795a8fe7e95fc2c00af6899817b96b8 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- archival/dpkg.c | 2 +- coreutils/cut.c | 2 +- coreutils/test.c | 2 +- editors/patch.c | 16 ++++++------- editors/patch_toybox.c | 36 ++++++++++++++--------------- editors/vi.c | 2 +- examples/shutdown-1.0/script/hardshutdown.c | 4 ++-- miscutils/bc.c | 2 +- miscutils/devfsd.c | 6 ++--- miscutils/hdparm.c | 24 +++++++++---------- modutils/modutils-24.c | 2 +- networking/tc.c | 2 +- procps/nmeter.c | 4 ++-- 13 files changed, 52 insertions(+), 52 deletions(-) diff --git a/archival/dpkg.c b/archival/dpkg.c index bf070a001..8031956e9 100644 --- a/archival/dpkg.c +++ b/archival/dpkg.c @@ -1115,7 +1115,7 @@ static int check_deps(deb_file_t **deb_file, int deb_start /*, int dep_max_count if (package_edge->type == EDGE_PRE_DEPENDS || package_edge->type == EDGE_DEPENDS ) { - int result=1; + int result = 1; status_num = 0; /* If we are inside an alternative then check diff --git a/coreutils/cut.c b/coreutils/cut.c index 7009e74cf..55bdd9386 100644 --- a/coreutils/cut.c +++ b/coreutils/cut.c @@ -167,7 +167,7 @@ static void cut_file(FILE *file, const char *delim, const char *odelim, if (!cl_pos && !dcount && !shoe) { if (option_mask32 & CUT_OPT_SUPPRESS_FLGS) goto next_line; - } else if (dcountop_type == BINOP) unnest_msg_and_return(binop(), "1 && *dlist->data != TT.state) + if (TT.state > 1 && *dlist->data != TT.state) fdprintf(TT.state == 2 ? 2 : TT.fileout, - "%s\n", dlist->data+(TT.state>3 ? 1 : 0)); + "%s\n", dlist->data + (TT.state > 3 ? 1 : 0)); if (PATCH_DEBUG) fdprintf(2, "DO %d: %s\n", TT.state, dlist->data); @@ -221,7 +221,7 @@ static int apply_one_hunk(void) // Match EOF if there aren't as many ending context lines as beginning for (plist = TT.current_hunk; plist; plist = plist->next) { - if (plist->data[0]==' ') matcheof++; + if (plist->data[0] == ' ') matcheof++; else matcheof = 0; if (PATCH_DEBUG) fdprintf(2, "HUNK:%s\n", plist->data); } @@ -433,15 +433,15 @@ int patch_main(int argc UNUSED_PARAM, char **argv) // Are we assembling a hunk? if (state >= 2) { - if (*patchline==' ' || *patchline=='+' || *patchline=='-') { + if (*patchline == ' ' || *patchline == '+' || *patchline == '-') { dlist_add(&TT.current_hunk, patchline); if (*patchline != '+') oldlen--; if (*patchline != '-') newlen--; // Context line? - if (*patchline==' ' && state==2) TT.context++; - else state=3; + if (*patchline == ' ' && state == 2) TT.context++; + else state = 3; // If we've consumed all expected hunk lines, apply the hunk. @@ -469,9 +469,9 @@ int patch_main(int argc UNUSED_PARAM, char **argv) free(*name); // Trim date from end of filename (if any). We don't care. for (s = patchline+4; *s && *s!='\t'; s++) - if (*s=='\\' && s[1]) s++; + if (*s == '\\' && s[1]) s++; i = atoi(s); - if (i>1900 && i<=1970) + if (i > 1900 && i <= 1970) *name = xstrdup("/dev/null"); else { *s = 0; diff --git a/editors/patch_toybox.c b/editors/patch_toybox.c index 69a508b2e..5478ece7d 100644 --- a/editors/patch_toybox.c +++ b/editors/patch_toybox.c @@ -79,7 +79,7 @@ void TOY_llist_free(void *list, void (*freeit)(void *data)) else free(pop); // End doubly linked list too. - if (list==pop) break; + if (list == pop) break; } } @@ -137,11 +137,11 @@ char *get_rawline(int fd, long *plen, char end) long len = 0; for (;;) { - if (1>read(fd, &c, 1)) break; + if (1 > read(fd, &c, 1)) break; if (!(len & 63)) buf=xrealloc(buf, len+65); - if ((buf[len++]=c) == end) break; + if ((buf[len++] = c) == end) break; } - if (buf) buf[len]=0; + if (buf) buf[len] = 0; if (plen) *plen = len; return buf; @@ -153,7 +153,7 @@ char *get_line(int fd) long len; char *buf = get_rawline(fd, &len, '\n'); - if (buf && buf[--len]=='\n') buf[len]=0; + if (buf && buf[--len] == '\n') buf[len] = 0; return buf; } @@ -165,10 +165,10 @@ void xsendfile(int in, int out) long len; char buf[4096]; - if (in<0) return; + if (in < 0) return; for (;;) { len = safe_read(in, buf, 4096); - if (len<1) break; + if (len < 1) break; xwrite(out, buf, len); } } @@ -179,7 +179,7 @@ void replace_tempfile(int fdin, int fdout, char **tempname) { char *temp = xstrdup(*tempname); - temp[strlen(temp)-6]=0; + temp[strlen(temp)-6] = 0; if (fdin != -1) { xsendfile(fdin, fdout); xclose(fdin); @@ -263,9 +263,9 @@ static void do_line(void *data) { struct double_list *dlist = (struct double_list *)data; - if (TT.state>1 && *dlist->data != TT.state) + if (TT.state > 1 && *dlist->data != TT.state) fdprintf(TT.state == 2 ? 2 : TT.fileout, - "%s\n", dlist->data+(TT.state>3 ? 1 : 0)); + "%s\n", dlist->data + (TT.state > 3 ? 1 : 0)); if (PATCH_DEBUG) fdprintf(2, "DO %d: %s\n", TT.state, dlist->data); @@ -314,7 +314,7 @@ static int apply_one_hunk(void) // Match EOF if there aren't as many ending context lines as beginning for (plist = TT.current_hunk; plist; plist = plist->next) { - if (plist->data[0]==' ') matcheof++; + if (plist->data[0] == ' ') matcheof++; else matcheof = 0; if (PATCH_DEBUG) fdprintf(2, "HUNK:%s\n", plist->data); } @@ -385,7 +385,7 @@ static int apply_one_hunk(void) // If we've reached the end of the buffer without confirming a // match, read more lines. - if (check==buf) { + if (check == buf) { buf = 0; break; } @@ -456,15 +456,15 @@ int patch_main(int argc UNUSED_PARAM, char **argv) // Are we assembling a hunk? if (state >= 2) { - if (*patchline==' ' || *patchline=='+' || *patchline=='-') { + if (*patchline == ' ' || *patchline == '+' || *patchline == '-') { dlist_add(&TT.current_hunk, patchline); if (*patchline != '+') TT.oldlen--; if (*patchline != '-') TT.newlen--; // Context line? - if (*patchline==' ' && state==2) TT.context++; - else state=3; + if (*patchline == ' ' && state == 2) TT.context++; + else state = 3; // If we've consumed all expected hunk lines, apply the hunk. @@ -491,9 +491,9 @@ int patch_main(int argc UNUSED_PARAM, char **argv) // Trim date from end of filename (if any). We don't care. for (s = patchline+4; *s && *s!='\t'; s++) - if (*s=='\\' && s[1]) s++; + if (*s == '\\' && s[1]) s++; i = atoi(s); - if (i>1900 && i<=1970) + if (i > 1900 && i <= 1970) *name = xstrdup("/dev/null"); else { *s = 0; @@ -537,7 +537,7 @@ int patch_main(int argc UNUSED_PARAM, char **argv) // handle -p path truncation. for (i=0, s = name; *s;) { if ((option_mask32 & FLAG_PATHLEN) && TT.prefix == i) break; - if (*(s++)=='/') { + if (*(s++) == '/') { name = s; i++; } diff --git a/editors/vi.c b/editors/vi.c index 1f997e8e5..2645afe87 100644 --- a/editors/vi.c +++ b/editors/vi.c @@ -4327,7 +4327,7 @@ static void do_cmd(int c) c1 = get_one_char(); // ZQ means to exit without saving if (c1 == 'Q') { - editing=0; + editing = 0; optind = cmdline_filecnt; break; } diff --git a/examples/shutdown-1.0/script/hardshutdown.c b/examples/shutdown-1.0/script/hardshutdown.c index b4af26f0f..c90f55396 100644 --- a/examples/shutdown-1.0/script/hardshutdown.c +++ b/examples/shutdown-1.0/script/hardshutdown.c @@ -115,7 +115,7 @@ int main(int argc, char **argv) if (ptr) prog = ptr+1; - for (c=1; c < argc; c++) { + for (c = 1; c < argc; c++) { if (argv[c][0] >= '0' && argv[c][0] <= '9') { t.tv_sec = strtol(argv[c], NULL, 10); continue; @@ -124,7 +124,7 @@ int main(int argc, char **argv) usage(); return 1; } - for (i=1; argv[c][i]; i++) { + for (i = 1; argv[c][i]; i++) { switch (argv[c][i]) { case 'h': action = HALT; diff --git a/miscutils/bc.c b/miscutils/bc.c index 1300a63fb..c629c4763 100644 --- a/miscutils/bc.c +++ b/miscutils/bc.c @@ -3105,7 +3105,7 @@ static BC_STATUS zbc_lex_identifier(void) continue; match: // buf starts with keyword bc_lex_kws[i] - if (isalnum(buf[j]) || buf[j]=='_') + if (isalnum(buf[j]) || buf[j] == '_') continue; // "ifz" does not match "if" keyword, "if." does p->lex = BC_LEX_KEY_1st_keyword + i; if (!keyword_is_POSIX(i)) { diff --git a/miscutils/devfsd.c b/miscutils/devfsd.c index fb9ebcf60..297693f8c 100644 --- a/miscutils/devfsd.c +++ b/miscutils/devfsd.c @@ -976,7 +976,7 @@ static void action_compat(const struct devfsd_notify_struct *info, unsigned int rewind_ = info->devname[info->namelen - 1]; if (rewind_ != 'n') rewind_ = '\0'; - mode=0; + mode = 0; if (ptr[2] == 'l' /*108*/ || ptr[2] == 'm'/*109*/) mode = ptr[2] - 107; /* 1 or 2 */ if (ptr[2] == 'a') @@ -1595,11 +1595,11 @@ static char *write_old_sd_name(char *buffer, return buffer; } if ((major > 64) && (major < 72)) { - disc_index = ((major - 64) << 4) +(minor >> 4); + disc_index = ((major - 64) << 4) + (minor >> 4); if (disc_index < 26) sprintf(buffer, "sd%c%s", 'a' + disc_index, part); else - sprintf(buffer, "sd%c%c%s", 'a' +(disc_index / 26) - 1, 'a' + disc_index % 26, part); + sprintf(buffer, "sd%c%c%s", 'a' + (disc_index / 26) - 1, 'a' + disc_index % 26, part); return buffer; } return NULL; diff --git a/miscutils/hdparm.c b/miscutils/hdparm.c index d8d8f6166..83e2f8d53 100644 --- a/miscutils/hdparm.c +++ b/miscutils/hdparm.c @@ -798,7 +798,7 @@ static void identify(uint16_t *val) if (!(val[GEN_CONFIG] & NOT_ATA)) { dev = ATA_DEV; printf("ATA device, with "); - } else if (val[GEN_CONFIG]==CFA_SUPPORT_VAL) { + } else if (val[GEN_CONFIG] == CFA_SUPPORT_VAL) { dev = ATA_DEV; like_std = 4; printf("CompactFlash ATA device, with "); @@ -819,13 +819,13 @@ static void identify(uint16_t *val) * specific, it should be safe to check it now, even though we don't * know yet what standard this device is using. */ - if ((val[CONFIG]==STBY_NID_VAL) || (val[CONFIG]==STBY_ID_VAL) - || (val[CONFIG]==PWRD_NID_VAL) || (val[CONFIG]==PWRD_ID_VAL) + if ((val[CONFIG] == STBY_NID_VAL) || (val[CONFIG] == STBY_ID_VAL) + || (val[CONFIG] == PWRD_NID_VAL) || (val[CONFIG] == PWRD_ID_VAL) ) { like_std = 5; - if ((val[CONFIG]==STBY_NID_VAL) || (val[CONFIG]==STBY_ID_VAL)) + if ((val[CONFIG] == STBY_NID_VAL) || (val[CONFIG] == STBY_ID_VAL)) puts("powers-up in standby; SET FEATURES subcmd spins-up."); - if (((val[CONFIG]==STBY_NID_VAL) || (val[CONFIG]==PWRD_NID_VAL)) && (val[GEN_CONFIG] & INCOMPLETE)) + if (((val[CONFIG] == STBY_NID_VAL) || (val[CONFIG] == PWRD_NID_VAL)) && (val[GEN_CONFIG] & INCOMPLETE)) puts("\n\tWARNING: ID response incomplete.\n\tFollowing data may be incorrect.\n"); } @@ -853,7 +853,7 @@ static void identify(uint16_t *val) printf("\n\tSupported: "); jj = val[MAJOR] << 1; kk = like_std >4 ? like_std-4: 0; - for (ii = 14; (ii >0)&&(ii>kk); ii--) { + for (ii = 14; (ii > 0) && (ii > kk); ii--) { if (jj & 0x8000) { printf("%u ", ii); if (like_std < ii) { @@ -943,7 +943,7 @@ static void identify(uint16_t *val) for (ii = 1; ii < 15; ii++) { if (jj & 0x0001) printf("\t%s\n", nth_string(ata1_cfg_str, ii)); - jj >>=1; + jj >>= 1; } } if (dev == ATAPI_DEV) { @@ -952,7 +952,7 @@ static void identify(uint16_t *val) else if ((val[GEN_CONFIG] & DRQ_RESPONSE_TIME) == DRQ_INTR_VAL) strng = "<=10ms with INTRQ"; else if ((val[GEN_CONFIG] & DRQ_RESPONSE_TIME) == DRQ_50US_VAL) - strng ="50us"; + strng = "50us"; else strng = "unknown"; printf("\tDRQ response: %s\n\tPacket size: ", strng); /* Data Request (DRQ) */ @@ -1014,7 +1014,7 @@ static void identify(uint16_t *val) } if (!bbbig) - bbbig = (uint64_t)(ll>mm ? ll : mm); /* # 512 byte blocks */ + bbbig = (uint64_t)(ll > mm ? ll : mm); /* # 512 byte blocks */ printf("\tdevice size with M = 1024*1024: %11"PRIu64" MBytes\n", bbbig>>11); bbbig = (bbbig << 9) / 1000000; printf("\tdevice size with M = 1000*1000: %11"PRIu64" MBytes ", bbbig); @@ -1160,7 +1160,7 @@ static void identify(uint16_t *val) jj = ((val[ADV_PIO_MODES] & PIO_SUP) << 3) | 0x0007; for (ii = 0; ii <= PIO_MODE_MAX; ii++) { if (jj & 0x0001) printf("pio%d ", ii); - jj >>=1; + jj >>= 1; } bb_putchar('\n'); } else if (((min_std < 5) || (eqpt == CDROM)) && (val[PIO_MODE] & MODE)) { @@ -1199,7 +1199,7 @@ static void identify(uint16_t *val) } if (ii == 31) { if ((val[CMDS_SUPP_2] & VALID) != VALID_VAL) - ii +=16; + ii += 16; } } } @@ -1220,7 +1220,7 @@ static void identify(uint16_t *val) printf("\t%s\t%s\n", (!(jj & 0x0001)) ? "not" : "", nth_string(secu_str, ii)); - jj >>=1; + jj >>= 1; } if (val[SECU_STATUS] & SECU_ENABLED) { printf("\tSecurity level %s\n", diff --git a/modutils/modutils-24.c b/modutils/modutils-24.c index d0bc2a6ef..37c303f90 100644 --- a/modutils/modutils-24.c +++ b/modutils/modutils-24.c @@ -981,7 +981,7 @@ arch_apply_relocation(struct obj_file *f, (loc[1] & 0xFFFF); /* Add reloc offset */ - temp1+=v; + temp1 += v; /* Store back into code */ loc[0] = (loc[0] & 0xFFFF0000) | temp1 >> 16; diff --git a/networking/tc.c b/networking/tc.c index 46ad23d8b..43187f7ee 100644 --- a/networking/tc.c +++ b/networking/tc.c @@ -214,7 +214,7 @@ static int prio_print_opt(struct rtattr *opt) return 0; parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, sizeof(*qopt)); printf("bands %u priomap ", qopt->bands); - for (i=0; i<=TC_PRIO_MAX; i++) + for (i = 0; i <= TC_PRIO_MAX; i++) printf(" %d", qopt->priomap[i]); if (tb[TCA_PRIO_MQ]) diff --git a/procps/nmeter.c b/procps/nmeter.c index 088d366bf..68e6f3325 100644 --- a/procps/nmeter.c +++ b/procps/nmeter.c @@ -515,7 +515,7 @@ static void FAST_FUNC collect_blk(blk_stat *s) return; } - for (i=0; i<2; i++) { + for (i = 0; i < 2; i++) { ullong old = s->old[i]; if (data[i] < old) old = data[i]; //sanitize s->old[i] = data[i]; @@ -597,7 +597,7 @@ static void FAST_FUNC collect_if(if_stat *s) return; } - for (i=0; i<4; i++) { + for (i = 0; i < 4; i++) { ullong old = s->old[i]; if (data[i] < old) old = data[i]; //sanitize s->old[i] = data[i]; From bugzilla at busybox.net Tue Aug 30 14:53:24 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Tue, 30 Aug 2022 14:53:24 +0000 Subject: [Bug 14956] A use-after-free in busybox's bc applet In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14956 Denys Vlasenko changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Tue Aug 30 15:12:34 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 30 Aug 2022 17:12:34 +0200 Subject: [git commit] fix [ --help ] and [[ --help ]] Message-ID: <20220830145802.694A888056@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=dd79e1d4d3b9725e927d1c26e0d3fdb49e29ba9c branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta show_usage_if_dash_dash_help 72 79 +7 Signed-off-by: Denys Vlasenko --- libbb/appletlib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libbb/appletlib.c b/libbb/appletlib.c index 9b9d7dbd6..d5335d353 100644 --- a/libbb/appletlib.c +++ b/libbb/appletlib.c @@ -937,6 +937,9 @@ void FAST_FUNC show_usage_if_dash_dash_help(int applet_no, char **argv) # endif # if defined APPLET_NO_echo && applet_no != APPLET_NO_echo +# endif +# if ENABLE_TEST1 || ENABLE_TEST2 + && argv[0][0] != '[' /* exclude [ --help ] and [[ --help ]] too */ # endif ) { if (argv[1] && strcmp(argv[1], "--help") == 0) { From vda.linux at googlemail.com Tue Aug 30 15:21:53 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 30 Aug 2022 17:21:53 +0200 Subject: [git commit] libbb: mark stack in assembly files read-only Message-ID: <20220830150800.0779E88071@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=526625bc83e63e6e5a3ec5296a1b868e72b3b01e branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Ludwig Nussel Signed-off-by: Denys Vlasenko --- libbb/hash_md5_sha256_x86-32_shaNI.S | 3 +++ libbb/hash_md5_sha256_x86-64_shaNI.S | 3 +++ libbb/hash_md5_sha_x86-32_shaNI.S | 3 +++ libbb/hash_md5_sha_x86-64.S | 3 +++ libbb/hash_md5_sha_x86-64.S.sh | 3 +++ libbb/hash_md5_sha_x86-64_shaNI.S | 3 +++ 6 files changed, 18 insertions(+) diff --git a/libbb/hash_md5_sha256_x86-32_shaNI.S b/libbb/hash_md5_sha256_x86-32_shaNI.S index 3905bad9a..a0e4a571a 100644 --- a/libbb/hash_md5_sha256_x86-32_shaNI.S +++ b/libbb/hash_md5_sha256_x86-32_shaNI.S @@ -19,6 +19,9 @@ // We do not check SSSE3 in cpuid, // all SHA-capable CPUs support it as well. +#ifdef __linux__ + .section .note.GNU-stack, "", @progbits +#endif .section .text.sha256_process_block64_shaNI, "ax", @progbits .globl sha256_process_block64_shaNI .hidden sha256_process_block64_shaNI diff --git a/libbb/hash_md5_sha256_x86-64_shaNI.S b/libbb/hash_md5_sha256_x86-64_shaNI.S index 082ceafe4..172c2eae2 100644 --- a/libbb/hash_md5_sha256_x86-64_shaNI.S +++ b/libbb/hash_md5_sha256_x86-64_shaNI.S @@ -19,6 +19,9 @@ // We do not check SSSE3 in cpuid, // all SHA-capable CPUs support it as well. +#ifdef __linux__ + .section .note.GNU-stack, "", @progbits +#endif .section .text.sha256_process_block64_shaNI, "ax", @progbits .globl sha256_process_block64_shaNI .hidden sha256_process_block64_shaNI diff --git a/libbb/hash_md5_sha_x86-32_shaNI.S b/libbb/hash_md5_sha_x86-32_shaNI.S index 2366b046a..7455a29f0 100644 --- a/libbb/hash_md5_sha_x86-32_shaNI.S +++ b/libbb/hash_md5_sha_x86-32_shaNI.S @@ -25,6 +25,9 @@ // We do not check SSSE3/SSE4.1 in cpuid, // all SHA-capable CPUs support them as well. +#ifdef __linux__ + .section .note.GNU-stack, "", @progbits +#endif .section .text.sha1_process_block64_shaNI, "ax", @progbits .globl sha1_process_block64_shaNI .hidden sha1_process_block64_shaNI diff --git a/libbb/hash_md5_sha_x86-64.S b/libbb/hash_md5_sha_x86-64.S index 1d55b91f8..2cdd22015 100644 --- a/libbb/hash_md5_sha_x86-64.S +++ b/libbb/hash_md5_sha_x86-64.S @@ -1,6 +1,9 @@ ### Generated by hash_md5_sha_x86-64.S.sh ### #if CONFIG_SHA1_SMALL == 0 && defined(__GNUC__) && defined(__x86_64__) +#ifdef __linux__ + .section .note.GNU-stack, "", @progbits +#endif .section .text.sha1_process_block64, "ax", @progbits .globl sha1_process_block64 .hidden sha1_process_block64 diff --git a/libbb/hash_md5_sha_x86-64.S.sh b/libbb/hash_md5_sha_x86-64.S.sh index 40c979d35..653fe4989 100755 --- a/libbb/hash_md5_sha_x86-64.S.sh +++ b/libbb/hash_md5_sha_x86-64.S.sh @@ -127,6 +127,9 @@ echo \ "### Generated by hash_md5_sha_x86-64.S.sh ### #if CONFIG_SHA1_SMALL == 0 && defined(__GNUC__) && defined(__x86_64__) +#ifdef __linux__ + .section .note.GNU-stack, \"\", @progbits +#endif .section .text.sha1_process_block64, \"ax\", @progbits .globl sha1_process_block64 .hidden sha1_process_block64 diff --git a/libbb/hash_md5_sha_x86-64_shaNI.S b/libbb/hash_md5_sha_x86-64_shaNI.S index 794e97040..2f03e1ce4 100644 --- a/libbb/hash_md5_sha_x86-64_shaNI.S +++ b/libbb/hash_md5_sha_x86-64_shaNI.S @@ -25,6 +25,9 @@ // We do not check SSSE3/SSE4.1 in cpuid, // all SHA-capable CPUs support them as well. +#ifdef __linux__ + .section .note.GNU-stack, "", @progbits +#endif .section .text.sha1_process_block64_shaNI, "ax", @progbits .globl sha1_process_block64_shaNI .hidden sha1_process_block64_shaNI