[Issue 498](https://github.com/landley/toybox/issues/498)
Apparently a "Security Issue" when dealing with 0 padded numbers like strftime %m. (Which only matters on some BSD systems where toybox test is being used but toybox date is not). I'm not entirely convinced this is a good idea since this removes the ability to do [ 100M -lt 10G ], A cool extension toybox provides. "And for what?": The ability to interoperate with the OpenBSD (The only utility set that I found that we care about which doesn't have it) utility set when dealing with 0 padded time numbers apparently. but if you do care about this fairly minor edge case enough to remove cool functionality for it. The patch is attached for you. - Oliver Webb <aquahobby...@proton.me> P.S. Have you thought about making "[[" a MAYFORK instead of a NOFORK like busybox does.
From 9e7f11b2da7a9106694477b69e5d37d33e565626 Mon Sep 17 00:00:00 2001 From: Oliver Webb <aquahobby...@proton.me> Date: Sun, 21 Apr 2024 10:50:56 -0500 Subject: [PATCH] test.c: Only use atolx if calling under [[, so that [ 10 -eq 010 ], but [[ 10 -ne 010 ]] --- toys/posix/test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/toys/posix/test.c b/toys/posix/test.c index 881bb668..3f89b414 100644 --- a/toys/posix/test.c +++ b/toys/posix/test.c @@ -56,6 +56,7 @@ static int do_test(char **args, int *count) { char c, *s; int i; + long (*nconv)(const char *) = !strcmp(toys.which->name, "[[") ? atolx : atol; if (*count>=3) { *count = 3; @@ -79,7 +80,7 @@ static int do_test(char **args, int *count) return (*s=='<') ? i<0 : i>0; } if (*s=='-' && strlen(s)==3 && (s = strstr(ss, s+1)) && !((i = s-ss)&1)) { - long long a = atolx(args[0]), b = atolx(args[2]); + long long a = nconv(args[0]), b = nconv(args[2]); if (!i) return a == b; if (i==2) return a != b; -- 2.44.0
_______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net