NetBSD Problem Report #19832

Received: (qmail 5739 invoked by uid 605); 13 Jan 2003 09:23:45 -0000
Message-Id: <200301130923.h0D9Ned00586@night-porter.duskware.de>
Date: Mon, 13 Jan 2003 10:23:40 +0100 (MET)
From: Martin Husemann <martin@duskware.de>
Sender: gnats-bugs-owner@netbsd.org
Reply-To: martin@duskware.de
To: gnats-bugs@gnats.netbsd.org
Subject: /bin/sh has internationalization issues
X-Send-Pr-Version: 3.95

>Number:         19832
>Category:       bin
>Synopsis:       /bin/sh has internationalization issues
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 13 09:24:00 +0000 2003
>Closed-Date:    Mon Apr 04 14:41:31 +0000 2016
>Last-Modified:  Mon Apr 04 14:41:31 +0000 2016
>Originator:     Martin Husemann
>Release:        NetBSD 1.6L
>Organization:
>Environment:
System: NetBSD night-porter.duskware.de 1.6L NetBSD 1.6L (PORTER) #0: Sat Jan 4 12:45:09 CET 2003 martin@insomnia.duskware.de:/usr/src/sys/arch/i386/compile/PORTER i386
Architecture: i386
Machine: i386
>Description:

The /bin/sh code uses two magic constants generated by mksyntax: PEOF and UPEOF.
They need to be identical, but PEOF seems to be an integer, while UPEOF needs
to be the same value but as a char. UPEOF is never used directly, but PEOF
is and some macros (generated by mksyntax too) test against UPEOF.

PEOF is used as a out-of-band character in a zero terminated char* buffer, for
example to mark the end of a here-document. This means PEOF must be != '\0'
and no valid character inside a here document.

No such character exists, IMHO.

The arbitrary value chosen for PEOF right now is a valid printable character
in some locales on machines where unsigned chars are used if char == unsigned
char. It's an non printable/non alpha character if char == signed char in all
locales I know of, but there is no guarantee for this property - and I'm not
sure if this would forbid the character to occur in here documents.

>How-To-Repeat:
code inspection

>Fix:
Rotottile the code passing lengths around instead of relying on sentinels?
Maybe do it completely and make it multi-byte character safe?
>Release-Note:
>Audit-Trail:

From: David Laight <david@l8s.co.uk>
To: netbsd-bugs@netbsd.org
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: bin/19832: /bin/sh has internationalization issues
Date: Wed, 15 Jan 2003 17:22:15 +0000

 > >Fix:
 > Rotottile the code passing lengths around instead of relying on sentinels?
 > Maybe do it completely and make it multi-byte character safe?

 The shell also uses [0x81..0x8a] as 'special characters' (parser.h),
 maybe the (U)PEOF could be done the same way (with an escape if the
 special value occurs in the input data).

 (I've not looked at this today, but IIRC the macros that check for
 UPEOF are rarely called with strings that might contain UPEOF.)

 	David

 -- 
 David Laight: david@l8s.co.uk


 [The following was originally PR bin/38529.]
From: Christian Biere <christianbiere@gmx.de>
To: gnats-bugs@gnats.NetBSD.org
Subject: /bin/sh: Character 0x88 is illegal in redirects, 0x81 too
Date: Sun, 27 Apr 2008 17:08:52 +0200

 /bin/sh cannot handle filenames that contain characters \x81 or \x88
 in redirects because it strips these characters before processing the
 string. Therefore it actually accesses the wrong file. It also fails
 to set the exit code appropriately indicating success.

 Execute the following test shell script in a temporary directory:

 #! /bin/sh
 set -e
 i=128
 while [ $i -lt 256 ]
 do
        char="$(jot -c 1 "$i")"
        name='./zomfg-'"$char"'.wtf'
        echo LOL | dd of="$name" 2>/dev/null
        if read text < "$name"
        then rm -- "$name"
        else printf 'Cannot handle filenames with char %#x\n' "$i"
        fi
        i=$(($i + 1))
 done
 exit

 Note that there will be complaint if you run this before:

        echo LOL > "zomfg-.wtf"

 Because this file will be accessed instead of the intended file. If
 this wasn't bad enough, /bin/sh does not even report an error if you
 replace "read" in the above script with a non-built-in command like
 "cat" which is easily reproducible:

        cat < kjsdhbfkjsadfhdsjkhf && echo SUCCESS

 The above prints SUCCESS after some error message when using /bin/sh.

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/19832 CVS commit: src/bin/sh
Date: Wed, 16 Mar 2016 11:44:35 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Wed Mar 16 15:44:35 UTC 2016

 Modified Files:
 	src/bin/sh: expand.c

 Log Message:
 PR/19832, PR/35423: Fix handling 0x81 and 0x82 characters in expansions
 ($VAR etc) that are used to generate filenames for redirections. (from kre)


 To generate a diff of this commit:
 cvs rdiff -u -r1.96 -r1.97 src/bin/sh/expand.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Mon, 04 Apr 2016 12:37:20 +0000
State-Changed-Why:
This problem is probably fixed, please confirm!


State-Changed-From-To: feedback->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Mon, 04 Apr 2016 14:41:31 +0000
State-Changed-Why:
Should be fine now.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.