[Issue 498](https://github.com/landley/toybox/issues/498)

Apparently a "Security Issue" when dealing with 0 padded numbers
like strftime %m. (Which only matters on some BSD systems where toybox
test is being used but toybox date is not).

I'm not entirely convinced this is a good idea since this removes the
ability to do [ 100M -lt 10G ], a cool extension toybox provides.
"And for what?": The ability to interoperate with the OpenBSD (the only
utility set that I found that we care about which doesn't have it) utility
set when dealing with 0 padded time numbers, apparently. But if you do care
about this fairly minor edge case enough to remove cool functionality for it,
the patch is attached for you.

-   Oliver Webb <aquahobby...@proton.me>

P.S. Have you thought about making "[[" a MAYFORK instead of
a NOFORK like busybox does?

From 9e7f11b2da7a9106694477b69e5d37d33e565626 Mon Sep 17 00:00:00 2001
From: Oliver Webb <aquahobby...@proton.me>
Date: Sun, 21 Apr 2024 10:50:56 -0500
Subject: [PATCH] test.c: Only use atolx if calling under [[, so that [ 10 -eq
 010 ], but [[ 10 -ne 010 ]]

---
 toys/posix/test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/toys/posix/test.c b/toys/posix/test.c
index 881bb668..3f89b414 100644
--- a/toys/posix/test.c
+++ b/toys/posix/test.c
@@ -56,6 +56,7 @@ static int do_test(char **args, int *count)
 {
   char c, *s;
   int i;
+  long (*nconv)(const char *) = !strcmp(toys.which->name, "[[") ? atolx : atol;
 
   if (*count>=3) {
     *count = 3;
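Review bot: the function pointer added at the top of do_test() is declared as long (*)(const char *), but the call site in the next hunk stores the result in long long, so the [[ path is narrowed to long wherever long is 32 bits. Unless atolx has exactly that signature, the two arms of the ternary are also different function pointer types and the initializer should draw an incompatible-pointer warning. Declaring nconv with atolx's own prototype and wrapping atol in a small static helper of the same type would avoid both. Separately, choosing behaviour with strcmp(toys.which->name, "[[") on every do_test() call repeats the same string compare for each sub-expression; computing it once in the caller would be cleaner.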
@@ -79,7 +80,7 @@ static int do_test(char **args, int *count)
       return (*s=='<') ? i<0 : i>0;
     }
     if (*s=='-' && strlen(s)==3 && (s = strstr(ss, s+1)) && !((i = s-ss)&1)) {
-      long long a = atolx(args[0]), b = atolx(args[2]);
+      long long a = nconv(args[0]), b = nconv(args[2]);
 
       if (!i) return a == b;
       if (i==2) return a != b;
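Review bot: in the changed line, nconv(args[0]) and nconv(args[2]) go through atol for plain [, which has no error reporting, so a non-numeric operand silently becomes 0 and a suffixed one such as 100M is read as 100 instead of being rejected. [ foo -eq 0 ] would then be true, and [ 100M -lt 10G ] would quietly compare 100 with 10. atol's behaviour is also undefined when the value does not fit in long. For a comparison that scripts rely on for decisions, strtoll with base 10 plus a check that the end pointer reached the terminating NUL and that errno is not ERANGE, exiting with an error status on failure, would be safer. The diffstat touches only toys/posix/test.c, so test cases for [ 10 -eq 010 ] and [[ 10 -ne 010 ]] from the subject line are still missing.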
-- 
2.44.0

_______________________________________________
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net
