Merge branch 'busybox' into merge

6 files changed, 169 insertions, 49 deletions

diff --git a/coreutils/test.c b/coreutils/test.c
index 008d90b25..b63e33cc0 100644
--- a/coreutils/test.c
+++ b/coreutils/test.c
@@ -426,8 +426,7 @@ struct test_statics {
         /* set only by check_operator(), either to bogus struct
          * or points to matching operator_t struct. Never NULL. */
         const struct operator_t *last_operator;
-        gid_t *group_array;
-        int ngroups;
+        struct cached_groupinfo *groupinfo;
 #if BASH_TEST2
         bool bash_test2;
 #endif
@@ -440,8 +439,7 @@ extern struct test_statics *BB_GLOBAL_CONST test_ptr_to_statics;
 #define S (*test_ptr_to_statics)
 #define args            (S.args         )
 #define last_operator   (S.last_operator)
-#define group_array     (S.group_array  )
-#define ngroups         (S.ngroups      )
+#define groupinfo       (S.groupinfo    )
 #define bash_test2      (S.bash_test2   )
 #define leaving         (S.leaving      )
 
@@ -449,7 +447,6 @@ extern struct test_statics *BB_GLOBAL_CONST test_ptr_to_statics;
         XZALLOC_CONST_PTR(&test_ptr_to_statics, sizeof(S)); \
 } while (0)
 #define DEINIT_S() do { \
-        free(group_array); \
         free(test_ptr_to_statics); \
 } while (0)
 
@@ -637,62 +634,52 @@ static int binop(void)
         /*return 1; - NOTREACHED */
 }
 
-static void initialize_group_array(void)
-{
-        group_array = bb_getgroups(&ngroups, NULL);
-}
-
 /* Return non-zero if GID is one that we have in our groups list. */
-//XXX: FIXME: duplicate of existing libbb function?
-// see toplevel TODO file:
-// possible code duplication ingroup() and is_a_group_member()
 static int is_a_group_member(gid_t gid)
 {
-        int i;
-
         /* Short-circuit if possible, maybe saving a call to getgroups(). */
-        if (gid == getgid() || gid == getegid())
+        if (gid == get_cached_egid(&groupinfo->egid))
                 return 1;
 
-        if (ngroups == 0)
-                initialize_group_array();
-
-        /* Search through the list looking for GID. */
-        for (i = 0; i < ngroups; i++)
-                if (gid == group_array[i])
-                        return 1;
-
-        return 0;
+        return is_in_supplementary_groups(groupinfo, gid);
 }
 
-
-/* Do the same thing access(2) does, but use the effective uid and gid,
-   and don't make the mistake of telling root that any file is
-   executable. */
-static int test_eaccess(struct stat *st, int mode)
+/*
+ * Similar to what access(2) does, but uses the effective uid and gid.
+ * Doesn't make the mistake of telling root that any file is executable.
+ * Returns non-zero if the file is accessible.
+ */
+static int test_st_mode(struct stat *st, int mode)
 {
-        unsigned int euid = geteuid();
+        enum { ANY_IX = S_IXUSR | S_IXGRP | S_IXOTH };
+        unsigned euid;
+
+        if (mode == X_OK) {
+                /* Do we already know with no extra syscalls? */
+                //if (!S_ISREG(st->st_mode))
+                //      return 0; /* not a regular file */
+                // ^^^ bash 5.2.15 "test -x" does not check this!
+                if ((st->st_mode & ANY_IX) == 0)
+                        return 0; /* no one can execute */
+                if ((st->st_mode & ANY_IX) == ANY_IX)
+                        return 1; /* anyone can execute */
+        }
 
+        euid = get_cached_euid(&groupinfo->euid);
         if (euid == 0) {
                 /* Root can read or write any file. */
                 if (mode != X_OK)
-                        return 0;
+                        return 1;
 
                 /* Root can execute any file that has any one of the execute
                  * bits set. */
-                if (st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
-                        return 0;
-        }
-
-        if (st->st_uid == euid)  /* owner */
+                mode = S_IXUSR | S_IXGRP | S_IXOTH;
+        } else if (st->st_uid == euid)  /* owner */
                 mode <<= 6;
         else if (is_a_group_member(st->st_gid))
                 mode <<= 3;
 
-        if (st->st_mode & mode)
-                return 0;
-
-        return -1;
+        return st->st_mode & mode;
 }
 
 
@@ -722,7 +709,7 @@ static int filstat(char *nm, enum token mode)
                         i = W_OK;
                 if (mode == FILEX)
                         i = X_OK;
-                return test_eaccess(&s, i) == 0;
+                return test_st_mode(&s, i);
         }
         if (is_file_type(mode)) {
                 if (mode == FILREG)
@@ -760,7 +747,7 @@ static int filstat(char *nm, enum token mode)
                 return ((s.st_mode & i) != 0);
         }
         if (mode == FILGZ)
-                return s.st_size > 0L;
+                return s.st_size != 0L; /* shorter than "> 0" test */
         if (mode == FILUID)
                 return s.st_uid == geteuid();
         if (mode == FILGID)
@@ -891,7 +878,7 @@ static number_t primary(enum token n)
 }
 
 
-int test_main(int argc, char **argv)
+int FAST_FUNC test_main2(struct cached_groupinfo *pgroupinfo, int argc, char **argv)
 {
         int res;
         const char *arg0;
@@ -924,6 +911,7 @@ int test_main(int argc, char **argv)
 
         /* We must do DEINIT_S() prior to returning */
         INIT_S();
+        groupinfo = pgroupinfo;
 
 #if BASH_TEST2
         bash_test2 = bt2;
@@ -1026,3 +1014,18 @@ int test_main(int argc, char **argv)
         DEINIT_S();
         return res;
 }
+
+int test_main(int argc, char **argv)
+{
+        struct cached_groupinfo info;
+        int r;
+
+        info.euid = -1;
+        info.egid = -1;
+        info.ngroups = 0;
+        info.supplementary_array = NULL;
+        r = test_main2(&info, argc, argv);
+        free(info.supplementary_array);
+
+        return r;
+}
diff --git a/include/libbb.h b/include/libbb.h
index b68f9b684..ff4a67481 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1261,6 +1261,19 @@ void die_if_bad_username(const char* name) FAST_FUNC;
  * Dies on errors (on Linux, only xrealloc can cause this, not internal getgroups call).
  */
 gid_t *bb_getgroups(int *ngroups, gid_t *group_array) FAST_FUNC;
+/*
+ * True if GID is in our getgroups() result.
+ * getgroups() is cached in supplementary_array[], to make successive calls faster.
+ */
+struct cached_groupinfo {
+        uid_t euid;
+        gid_t egid;
+        int ngroups;
+        gid_t *supplementary_array;
+};
+uid_t FAST_FUNC get_cached_euid(uid_t *euid);
+gid_t FAST_FUNC get_cached_egid(gid_t *egid);
+int FAST_FUNC is_in_supplementary_groups(struct cached_groupinfo *groupinfo, gid_t gid);
 
 #if ENABLE_FEATURE_UTMP
 void FAST_FUNC write_new_utmp(pid_t pid, int new_type, const char *tty_name, const char *username, const char *hostname);
@@ -1612,6 +1625,7 @@ int test_main(int argc, char **argv)
                 MAIN_EXTERNALLY_VISIBLE
 #endif
 ;
+int FAST_FUNC test_main2(struct cached_groupinfo *pgroupinfo, int argc, char **argv);
 int kill_main(int argc, char **argv)
 #if ENABLE_KILL || ENABLE_KILLALL || ENABLE_KILLALL5
                 MAIN_EXTERNALLY_VISIBLE
diff --git a/libbb/bb_getgroups.c b/libbb/bb_getgroups.c
index 5d83c729a..31cff2b41 100644
--- a/libbb/bb_getgroups.c
+++ b/libbb/bb_getgroups.c
@@ -45,3 +45,37 @@ gid_t* FAST_FUNC bb_getgroups(int *ngroups, gid_t *group_array)
                 *ngroups = n;
         return group_array;
 }
+
+uid_t FAST_FUNC get_cached_euid(uid_t *euid)
+{
+        if (*euid == (uid_t)-1)
+                *euid = geteuid();
+        return *euid;
+}
+
+gid_t FAST_FUNC get_cached_egid(gid_t *egid)
+{
+        if (*egid == (gid_t)-1)
+                *egid = getegid();
+        return *egid;
+}
+
+/* Return non-zero if GID is in our supplementary group list. */
+int FAST_FUNC is_in_supplementary_groups(struct cached_groupinfo *groupinfo, gid_t gid)
+{
+        int i;
+        int ngroups;
+        gid_t *group_array;
+
+        if (groupinfo->ngroups == 0)
+                groupinfo->supplementary_array = bb_getgroups(&groupinfo->ngroups, NULL);
+        ngroups = groupinfo->ngroups;
+        group_array = groupinfo->supplementary_array;
+
+        /* Search through the list looking for GID. */
+        for (i = 0; i < ngroups; i++)
+                if (gid == group_array[i])
+                        return 1;
+
+        return 0;
+}
diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c
index 57a801459..75a61c32c 100644
--- a/libbb/hash_md5_sha.c
+++ b/libbb/hash_md5_sha.c
@@ -1313,7 +1313,9 @@ unsigned FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
         hash_size = 8;
         if (ctx->process_block == sha1_process_block64
 #if ENABLE_SHA1_HWACCEL
+# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
          || ctx->process_block == sha1_process_block64_shaNI
+# endif
 #endif
         ) {
                 hash_size = 5;
diff --git a/networking/libiproute/iplink.c b/networking/libiproute/iplink.c
index 37ed114bc..67602a466 100644
--- a/networking/libiproute/iplink.c
+++ b/networking/libiproute/iplink.c
@@ -51,6 +51,27 @@ struct ifla_vlan_flags {
 };
 #endif
 
+#if ENABLE_FEATURE_IP_LINK_CAN
+# ifndef CAN_CTRLMODE_ONE_SHOT
+#  define CAN_CTRLMODE_ONE_SHOT         0x08 /* One-Shot mode */
+# endif
+# ifndef CAN_CTRLMODE_BERR_REPORTING
+#  define CAN_CTRLMODE_BERR_REPORTING   0x10 /* Bus-error reporting */
+# endif
+# ifndef CAN_CTRLMODE_FD
+#  define CAN_CTRLMODE_FD               0x20 /* CAN FD mode */
+# endif
+# ifndef CAN_CTRLMODE_PRESUME_ACK
+#  define CAN_CTRLMODE_PRESUME_ACK      0x40 /* Ignore missing CAN ACKs */
+# endif
+# ifndef CAN_CTRLMODE_FD_NON_ISO
+#  define CAN_CTRLMODE_FD_NON_ISO       0x80 /* CAN FD in non-ISO mode */
+# endif
+# ifndef IFLA_CAN_TERMINATION
+#  define IFLA_CAN_TERMINATION          11
+# endif
+#endif
+
 /* taken from linux/sockios.h */
 #define SIOCSIFNAME  0x8923  /* set interface name */
 
diff --git a/shell/ash.c b/shell/ash.c
index 679846574..b37446233 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -671,6 +671,10 @@ struct globals_misc {
         char **trap_ptr;        /* used only by "trap hack" */
 
         /* Rarely referenced stuff */
+
+        /* Cached supplementary group array (for testing executable'ity of files) */
+        struct cached_groupinfo groupinfo;
+
 #if ENABLE_ASH_RANDOM_SUPPORT
         random_t random_gen;
 #endif
@@ -714,6 +718,7 @@ extern struct globals_misc *BB_GLOBAL_CONST ash_ptr_to_globals_misc;
 #define may_have_traps    (G_misc.may_have_traps   )
 #define trap        (G_misc.trap       )
 #define trap_ptr    (G_misc.trap_ptr   )
+#define groupinfo   (G_misc.groupinfo  )
 #define random_gen  (G_misc.random_gen )
 #define backgndpid  (G_misc.backgndpid )
 
@@ -729,6 +734,8 @@ extern struct globals_misc *BB_GLOBAL_CONST ash_ptr_to_globals_misc;
         curdir = nullstr; \
         physdir = nullstr; \
         trap_ptr = trap; \
+        groupinfo.euid = -1; \
+        groupinfo.egid = -1; \
 } while (0)
 
 
@@ -2579,7 +2586,7 @@ initvar(void)
 #if ENABLE_FEATURE_EDITING && ENABLE_FEATURE_EDITING_FANCY_PROMPT
         vps1.var_text = "PS1=\\w \\$ ";
 #else
-        if (!geteuid())
+        if (!get_cached_euid(&groupinfo.euid));
                 vps1.var_text = "PS1=# ";
 #endif
         vp = varinit;
@@ -11342,7 +11349,7 @@ static int FAST_FUNC echocmd(int argc, char **argv)   { return echo_main(argc, a
 static int FAST_FUNC printfcmd(int argc, char **argv) { return printf_main(argc, argv); }
 #endif
 #if ENABLE_ASH_TEST || BASH_TEST2
-static int FAST_FUNC testcmd(int argc, char **argv)   { return test_main(argc, argv); }
+static int FAST_FUNC testcmd(int argc, char **argv)   { return test_main2(&groupinfo, argc, argv); }
 #endif
 #if ENABLE_ASH_SLEEP
 static int FAST_FUNC sleepcmd(int argc, char **argv)  { return sleep_main(argc, argv); }
@@ -15101,6 +15108,42 @@ readcmdfile(char *name)
 
 /* ============ find_command inplementation */
 
+static int test_exec(/*const char *fullname,*/ struct stat *statb)
+{
+        /*
+         * TODO: use faccessat(AT_FDCWD, fullname, X_OK, AT_EACCESS)
+         * instead: executability may depend on ACLs, capabilities
+         * and who knows what else, not just mode bits.
+         * (faccessat2 syscall was added to Linux in May 14 2020)
+         */
+        mode_t stmode;
+        uid_t euid;
+        enum { ANY_IX = S_IXUSR | S_IXGRP | S_IXOTH };
+
+        /* Do we already know with no extra syscalls? */
+        if (!S_ISREG(statb->st_mode))
+                return 0; /* not a regular file */
+        if ((statb->st_mode & ANY_IX) == 0)
+                return 0; /* no one can execute */
+        if ((statb->st_mode & ANY_IX) == ANY_IX)
+                return 1; /* anyone can execute */
+
+        /* Executability depends on our euid/egid/supplementary groups */
+        stmode = S_IXOTH;
+        euid = get_cached_euid(&groupinfo.euid);
+        if (euid == 0)
+                /* for root user, any X bit is good enough */
+                stmode = ANY_IX;
+        else if (statb->st_uid == euid)
+                stmode = S_IXUSR;
+        else if (statb->st_gid == get_cached_egid(&groupinfo.egid))
+                stmode = S_IXGRP;
+        else if (is_in_supplementary_groups(&groupinfo, statb->st_gid))
+                stmode = S_IXGRP;
+
+        return statb->st_mode & stmode;
+}
+
 /*
  * Resolve a command name.  If you change this routine, you may have to
  * change the shellexec routine as well.
@@ -15128,9 +15171,12 @@ find_command(char *name, struct cmdentry *entry, int act, const char *path)
                                 if (errno == EINTR)
                                         continue;
 #endif
+ absfail:
                                 entry->cmdtype = CMDUNKNOWN;
                                 return;
                         }
+                        if (!test_exec(/*name,*/ &statb))
+                                goto absfail;
                 }
                 entry->cmdtype = CMDNORMAL;
                 return;
@@ -15275,9 +15321,6 @@ find_command(char *name, struct cmdentry *entry, int act, const char *path)
                                 e = errno;
                         goto loop;
                 }
-                e = EACCES;     /* if we fail, this will be the error */
-                if (!S_ISREG(statb.st_mode))
-                        continue;
                 if (lpathopt) {          /* this is a %func directory */
                         stalloc(len);
                         /* NB: stalloc will return space pointed by fullname
@@ -15290,6 +15333,9 @@ find_command(char *name, struct cmdentry *entry, int act, const char *path)
                         stunalloc(fullname);
                         goto success;
                 }
+                e = EACCES;     /* if we fail, this will be the error */
+                if (!test_exec(/*fullname,*/ &statb))
+                        continue;
                 TRACE(("searchexec \"%s\" returns \"%s\"\n", name, fullname));
                 if (!updatetbl) {
                         entry->cmdtype = CMDNORMAL;