Re: [patch] ssh: null pointer dereference
Hello,

On Sat, Apr 10, 2010 at 03:49:07PM +1000, Damien Miller wrote:
> Applied - thanks. This case shouldn't happen, if you are able to hit
> this code then please tell me how you do it :|

I haven't hit this code, it was just something suspicious that I found. I've been looking for bugs to fix and when I noticed the large rewrite of ssh multiplexing code that you committed two months ago I thought I might take a closer look.

Matthew
Re: [patch] less: filename globbing/expansion
Hello, On Fri, Apr 02, 2010 at 07:08:43PM -0700, Philip Guenther wrote: are we still tracking the upstream less(1) and if so, is the behavioral change acceptable there? On Sat, Apr 03, 2010 at 03:37:46PM +1030, Matthew Haub wrote: We no longer track upstream less(1). The last sync was 7 years ago. On Sat, Apr 03, 2010 at 07:34:40AM +0100, Nicholas Marriott wrote: Yes, but is that for a reason or just because nobody has updated it? Todd Miller would be the person to ask. Either way I've emailed the less maintainer to see whether he would be interested in using wordexp over lessecho on systems that support it. On Fri, Apr 02, 2010 at 07:08:43PM -0700, Philip Guenther wrote: if you want this, you should just implement wordexp(3) in libc and then use that. Done. This patch uses wordexp as a drop in replacement for glob when available. Matthew Index: configure === RCS file: /cvs/src/usr.bin/less/configure,v retrieving revision 1.3 diff -u configure --- configure 13 Apr 2003 18:26:25 - 1.3 +++ configure 6 Apr 2010 04:26:47 - @@ -4456,7 +4456,7 @@ -for ac_func in fsync memcpy popen _setjmp sigprocmask sigsetmask stat strchr strstr system +for ac_func in fsync memcpy popen _setjmp sigprocmask sigsetmask stat strchr strstr system wordexp do as_ac_var=`echo ac_cv_func_$ac_func | $as_tr_sh` echo $as_me:$LINENO: checking for $ac_func 5 Index: configure.ac === RCS file: /cvs/src/usr.bin/less/configure.ac,v retrieving revision 1.1.1.1 diff -u configure.ac --- configure.ac13 Apr 2003 18:21:21 - 1.1.1.1 +++ configure.ac6 Apr 2010 04:26:48 - 
@@ -211,7 +211,7 @@ # Checks for library functions. AC_TYPE_SIGNAL -AC_CHECK_FUNCS([fsync memcpy popen _setjmp sigprocmask sigsetmask stat strchr strstr system]) +AC_CHECK_FUNCS([fsync memcpy popen _setjmp sigprocmask sigsetmask stat strchr strstr system wordexp]) # Some systems have termios.h but not the corresponding functions. AC_CHECK_FUNC(tcgetattr, AC_DEFINE(HAVE_TERMIOS_FUNCS)) Index: defines.h.in === RCS file: /cvs/src/usr.bin/less/defines.h.in,v retrieving revision 1.2 diff -u defines.h.in --- defines.h.in14 Apr 2003 14:33:57 - 1.2 +++ defines.h.in6 Apr 2010 04:26:48 - @@ -346,6 +346,9 @@ /* Define HAVE_VOID if your compiler supports the void type. */ #undef HAVE_VOID +/* Define to 1 if you have the `wordexp' function. */ +#undef HAVE_WORDEXP + /* Define to 1 if you have the `_setjmp' function. */ #undef HAVE__SETJMP Index: filename.c === RCS file: /cvs/src/usr.bin/less/filename.c,v retrieving revision 1.13 diff -u filename.c --- filename.c 6 Dec 2006 05:03:29 - 1.13 +++ filename.c 6 Apr 2010 04:26:48 - @@ -37,6 +37,9 @@ #include signal.h #endif +#if HAVE_WORDEXP +#include wordexp.h +#endif #if HAVE_STAT #include sys/stat.h #ifndef S_ISDIR Index: lglob.h === RCS file: /cvs/src/usr.bin/less/lglob.h,v retrieving revision 1.3 diff -u lglob.h --- lglob.h 22 Apr 2003 22:57:13 - 1.3 +++ lglob.h 6 Apr 2010 04:26:48 - @@ -23,7 +23,18 @@ */ #include glob.h +#include defines.h +#if HAVE_WORDEXP +#defineGLOB_FLAGS (WRDE_NOCMD) +#defineDECL_GLOB_LIST(list)wordexp_t list; int i; int list##error; +#defineGLOB_LIST_FAILED(list) list##error != 0 +#defineSCAN_GLOB_LIST(list,p) i = 0; i list.we_wordc; i++ +#defineINIT_GLOB_LIST(list,p) p = list.we_wordv[i] +#defineGLOB_LIST_DONE(list)wordfree(list) +#defineGLOB_LIST(path,list)list##error = \ + wordexp(path,list,GLOB_FLAGS) +#else #define GLOB_FLAGS (GLOB_NOCHECK|GLOB_BRACE|GLOB_TILDE) #defineDECL_GLOB_LIST(list)glob_t list; int i; #defineGLOB_LIST(filename,list) glob(filename,GLOB_FLAGS,0,list) 
@@ -31,3 +42,4 @@ #defineSCAN_GLOB_LIST(list,p) i = 0; i list.gl_pathc; i++ #defineINIT_GLOB_LIST(list,p) p = list.gl_pathv[i] #defineGLOB_LIST_DONE(list)globfree(list) +#endif
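Review bot: In the lglob.h hunk, the HAVE_WORDEXP branch is not a drop-in for the glob() branch. wordexp() splits its result on unquoted whitespace, fails on unquoted characters such as |, &, ;, <, >, parentheses and braces, and does no brace expansion, whereas the old GLOB_FLAGS were GLOB_NOCHECK|GLOB_BRACE|GLOB_TILDE. A filename containing a space or a parenthesis that glob() handed back unchanged will now split into several words or be rejected. GLOB_LIST_FAILED was a constant 0 in revision 1.3 and can now be true, so please check that every caller handles that path and does not reach GLOB_LIST_DONE (wordfree) on a wordexp_t that a failed call never filled in. WRDE_NOCMD is the only thing keeping command substitution in a supplied filename from running; a comment on GLOB_FLAGS saying so would stop it being dropped later.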
[patch] openssl: pr/6282
Hello, The openssl command line tool treats the non-null terminated buffer mbuf as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option J set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282. Matthew Index: s_client.c === RCS file: /cvs/src/lib/libssl/src/apps/s_client.c,v retrieving revision 1.19 diff -u s_client.c --- s_client.c 30 Jan 2009 03:56:05 - 1.19 +++ s_client.c 6 Apr 2010 13:26:17 - @@ -1074,7 +1074,7 @@ if (starttls_proto) { - BIO_printf(bio_err,%s,mbuf); + BIO_write(bio_err, mbuf, mbuf_len); /* We don't need to know any more */ starttls_proto = PROTO_OFF; }
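Review bot: BIO_write(bio_err, mbuf, mbuf_len) in the starttls_proto block is only correct if mbuf_len holds the byte count of the read that last filled mbuf, and the context shown does not include that assignment. Please confirm that every starttls path, pop3 included, stores the return value of its read in mbuf_len before reaching this block, and skip the write when that value is zero or negative so that a failed read does not turn into a bad length here.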
[patch] libc: wordexp support
Hello, This patch adds support for wordexp(3) and wordfree(3) to libc. These functions conform to IEEE Std 1003.1-2001 (POSIX). The implementation comes from NetBSD and uses a shell builtin, wordexp, to perform the expansion in line with the methods suggested in the specification[1]. Matthew [1] http://www.opengroup.org/onlinepubs/9699919799/functions/wordexp.html Index: bin/ksh/c_ksh.c === RCS file: /cvs/src/bin/ksh/c_ksh.c,v retrieving revision 1.33 diff -N -u -p bin/ksh/c_ksh.c --- bin/ksh/c_ksh.c 7 Feb 2009 14:03:24 - 1.33 +++ bin/ksh/c_ksh.c 6 Apr 2010 04:36:45 - @@ -520,6 +520,32 @@ c_whence(char **wp) return ret; } +/* + * Do most of the work for wordexp(3). The output is a NULL delimited string + * of the format: nwords\0nchars\0word1\0word2\0...wordn\0. + */ +int +c_wordexp(char **wp) +{ + unsigned int i, len; + + len = 0; + + if (wp[0] == NULL) + return (1); + + for (i = 1; wp[i] != NULL; i++) + len += strlen(wp[i]); + + shprintf(%u%c, i - 1, '\0'); + shprintf(%u%c, len, '\0'); + + for (i = 1; wp[i] != NULL; i++) + shprintf(%s%c, wp[i], '\0'); + + return (0); +} + /* Deal with command -vV - command -p dealt with in comexec() */ int c_command(char **wp) @@ -1400,6 +1426,7 @@ const struct builtin kshbuiltins [] = { {=typeset, c_typeset}, {+unalias, c_unalias}, {whence, c_whence}, + {wordexp, c_wordexp}, #ifdef JOBS {+bg, c_fgbg}, {+fg, c_fgbg}, Index: bin/ksh/proto.h === RCS file: /cvs/src/bin/ksh/proto.h,v retrieving revision 1.32 diff -N -u -p bin/ksh/proto.h --- bin/ksh/proto.h 29 Jan 2009 23:27:26 - 1.32 +++ bin/ksh/proto.h 6 Apr 2010 04:36:45 - @@ -29,6 +29,7 @@ int c_kill(char **); void getopts_reset(int); intc_getopts(char **); intc_bind(char **); +intc_wordexp(char **); /* c_sh.c */ intc_label(char **); intc_shift(char **); Index: include/Makefile === RCS file: /cvs/src/include/Makefile,v retrieving revision 1.153 diff -N -u -p include/Makefile --- include/Makefile3 Feb 2010 20:49:58 - 1.153 +++ include/Makefile6 Apr 2010 04:36:45 - 
@@ -23,7 +23,7 @@ FILES=a.out.h ar.h assert.h bitstring.h blf.h bm.h bs stdbool.h stddef.h stdio.h stdlib.h \ string.h strings.h struct.h sysexits.h tar.h \ time.h ttyent.h tzfile.h unistd.h utime.h utmp.h vis.h \ - wchar.h wctype.h + wchar.h wctype.h wordexp.h FILES+=link.h link_aout.h link_elf.h Index: include/wordexp.h === RCS file: include/wordexp.h diff -N -u -p include/wordexp.h --- /dev/null 5 Apr 2010 22:36:46 - +++ include/wordexp.h 6 Apr 2010 04:36:45 - 
@@ -0,0 +1,74 @@ +/* $NetBSD: wordexp.h,v 1.2 2008/04/01 19:23:28 drochner Exp $ */ + +/*- + * Copyright (c) 2002 Tim J. Robbins. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: /repoman/r/ncvs/src/include/wordexp.h,v 1.4 2003/01/03 12:03:38 tjr Exp $ + */ + +#ifndef _WORDEXP_H_ +#define _WORDEXP_H_ + +#include sys/cdefs.h + +typedef struct { + size_t we_wordc; /* count of words matched */ + char**we_wordv; /* pointer to list of words */ + size_t we_offs;/* slots to reserve in we_wordv */ + + /* internal */ + char*we_strings;/* storage for wordv strings */ +
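Review bot: In c_wordexp(), len is an unsigned int that accumulates strlen() results, so the nchars field can wrap for a very large expansion while the words themselves are still written in full. A reader that sizes its buffer from nchars would then under-allocate. Use size_t with an overflow check in the loop, or have the libc side verify the bytes it actually reads against nchars before copying. Separately, the new wordexp entry in kshbuiltins is reachable from every script and interactive session, and the visible part of the patch has no ksh.1 change; either document it or note in the comment above c_wordexp() that it is an internal interface for libc.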
Re: [patch] ksh: autocomplete special characters
Hello, On Sun, Apr 04, 2010 at 11:41:56AM +0930, Matthew Haub wrote: The following patch fixes ksh autocomplete support for files within directories containing []:`$= characters. This also fixes the problem ray@ was experiencing with the back quotes in PR user/6006. Here's the same patch with an unnecessary if statement removed. Index: edit.c === RCS file: /cvs/src/bin/ksh/edit.c,v retrieving revision 1.33 diff -u edit.c --- edit.c 2 Aug 2007 10:50:25 - 1.33 +++ edit.c 4 Apr 2010 04:07:00 - @@ -391,9 +391,20 @@ continue; } + /* except for characters that must be quoted to the lexer */ + if (escaping) { + escaping = 0; + + switch (toglob[i]) { + case '[': + case '`': + case '$': + toglob[idx++] = '\\'; + } + } + toglob[idx] = toglob[i]; idx++; - if (escaping) escaping = 0; } toglob[idx] = '\0'; @@ -847,7 +858,7 @@ int rval=0; for (add = 0, wlen = len; wlen - add 0; add++) { - if (strchr(\\$(){}[]?*;#|\'`, s[add]) || strchr(ifs, s[add])) { + if (strchr(\\$(){}[]?*;#|\'=`:, s[add]) || strchr(ifs, s[add])) { if (putbuf_func(s, add) != 0) { rval = -1; break; Index: lex.c === RCS file: /cvs/src/bin/ksh/lex.c,v retrieving revision 1.44 diff -u lex.c --- lex.c 3 Jul 2008 17:52:08 - 1.44 +++ lex.c 4 Apr 2010 04:07:00 - @@ -289,7 +289,9 @@ c = getsc(); switch (c) { case '\\': - case '$': case '`': + case '$': + case '`': + case '[': *wp++ = QCHAR, *wp++ = c; break; case '':
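Review bot: In the first edit.c hunk, the new switch on toglob[i] has no default case and its last case leaves the switch without a break; add both so the intent is explicit. The description lists the characters [ ] : backquote $ = but this switch re-escapes only [, backquote and $, while = and : appear only in the strchr() set of the second hunk. A comment explaining why the two lists differ would keep them from drifting apart.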
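Review bot: The lex.c hunk adds case '[' to the switch that follows c = getsc(), which changes how a backslash followed by [ is tokenised for all shell input, not only for text produced by completion. Please say in the commit message which lexer state this switch belongs to and add a regress test showing that existing scripts using a backslash before [ in that context still parse the same way.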
Re: [patch] less: filename globbing/expansion
Hello,

On Fri, Apr 02, 2010 at 07:08:43PM -0700, Philip Guenther wrote:
> if you want this, you should just implement wordexp(3) in libc and
> then use that.

I'll look into it, thank you.

> are we still tracking the upstream less(1) and if so, is the
> behavioral change acceptable there?

We no longer track upstream less(1). The last sync was 7 years ago.

Matthew
[patch] less: filename globbing/expansion
Hello, less(1) fails to write its buffer to pathnames with environment variables or the tilda home directory shortcut in them. The following patch corrects this by using the shell to glob filenames with lessecho instead of glob(3). Reproduction instructions: $ echo hi | less hi [type s~/newfile.txt] Cannot write to ~/newfile.txt (press RETURN) $ echo hi | less hi [type s$HOME/ksh.patch] Cannot write to $HOME/ksh.patch (press RETURN) Index: Makefile.in === RCS file: /cvs/src/usr.bin/less/Makefile.in,v retrieving revision 1.9 diff -u Makefile.in --- Makefile.in 16 Apr 2003 19:10:09 - 1.9 +++ Makefile.in 28 Mar 2010 03:11:52 - @@ -48,7 +48,7 @@ output.${O} position.${O} prompt.${O} search.${O} signal.${O} \ tags.${O} ttyin.${O} version.${O} @REGEX_O@ -all: less lesskey +all: less lesskey lessecho less: ${OBJ} ${CC} ${LDFLAGS} -o $@ ${OBJ} ${LIBS} @@ -56,6 +56,9 @@ lesskey: lesskey.${O} version.${O} ${CC} ${LDFLAGS} -o $@ lesskey.${O} version.${O} +lessecho: lessecho.${O} version.${O} + ${CC} ${LDFLAGS} -o $@ lessecho.${O} version.${O} + ${OBJ}: ${srcdir}/less.h ${srcdir}/funcs.h defines.h filename.${O}: ${srcdir}/filename.c @@ -67,6 +70,7 @@ install: all ${INSTALL_PROGRAM} less ${bindir}/${binprefix}less ${INSTALL_PROGRAM} lesskey ${bindir}/${binprefix}lesskey + ${INSTALL_PROGRAM} lessecho ${bindir}/${binprefix}lessecho install-strip: ${MAKE} INSTALL_PROGRAM='${INSTALL_PROGRAM} -s' install Index: lglob.h === RCS file: /cvs/src/usr.bin/less/lglob.h,v retrieving revision 1.3 diff -u lglob.h --- lglob.h 22 Apr 2003 22:57:13 - 1.3 +++ lglob.h 28 Mar 2010 03:12:12 - @@ -25,7 +25,9 @@ #include glob.h #define GLOB_FLAGS (GLOB_NOCHECK|GLOB_BRACE|GLOB_TILDE) +#if 0 #defineDECL_GLOB_LIST(list)glob_t list; int i; +#endif #defineGLOB_LIST(filename,list) glob(filename,GLOB_FLAGS,0,list) #defineGLOB_LIST_FAILED(list) 0 #defineSCAN_GLOB_LIST(list,p) i = 0; i list.gl_pathc; i++
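Review bot: In the lglob.h hunk, wrapping only DECL_GLOB_LIST in #if 0 to switch off the glob(3) path leaves GLOB_FLAGS, GLOB_LIST and the remaining macros defined but unused, and nothing in the file says why. Remove the dead macros or replace the #if 0 with a named, commented condition. Since the description says expansion now goes through the shell with lessecho, the name typed at the prompt reaches a shell; please describe in the commit message how metacharacters in that name are quoted before the shell sees them.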
[patch] ssh: null pointer dereference
Hello, If channel_by_id() in mux_master_control_cleanup_cb() fails to find the session channel then pointer sc will be NULL when dereferenced. Index: usr.bin/ssh/mux.c === RCS file: /cvs/src/usr.bin/ssh/mux.c,v retrieving revision 1.14 diff -u usr.bin/ssh/mux.c --- usr.bin/ssh/mux.c 30 Jan 2010 02:54:53 - 1.14 +++ usr.bin/ssh/mux.c 27 Mar 2010 09:42:44 - @@ -189,7 +189,7 @@ fatal(%s: channel_by_id(%i) == NULL, __func__, cid); if (c-remote_id != -1) { if ((sc = channel_by_id(c-remote_id)) == NULL) - debug2(%s: channel %d n session channel %d, + fatal(%s: channel %d missing session channel %d, __func__, c-self, c-remote_id); c-remote_id = -1; sc-ctl_chan = -1;
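Review bot: Replacing debug2() with fatal() removes the NULL dereference at the ctl_chan assignment through sc, but it does so by terminating the whole process when one session channel is missing. If this state can be reached, logging and skipping the assignment when sc is NULL would keep the other sessions alive; if it cannot, a one-line comment above the fatal() stating the invariant would tell the next reader why aborting is acceptable.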