aboutsummaryrefslogtreecommitdiff
path: root/shell/hush.c
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2016-08-19 18:23:56 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2016-08-19 18:43:06 +0200
commit215b0ca6e4fe466c6942d21a1bba62d97f2d5e5d (patch)
tree4fbb9563d870ce8a5f8f08015424e358a1462677 /shell/hush.c
parentaedc3fe19fac368dc363050e0387d263b7e01cc6 (diff)
downloadbusybox-w32-215b0ca6e4fe466c6942d21a1bba62d97f2d5e5d.tar.gz
busybox-w32-215b0ca6e4fe466c6942d21a1bba62d97f2d5e5d.tar.bz2
busybox-w32-215b0ca6e4fe466c6942d21a1bba62d97f2d5e5d.zip
hush: fix a bug in FEATURE_SH_STANDALONE=y config. Closes 9186
Run this in a "sh SCRIPT": sha256sum /dev/null echo END sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s. By this time, entire script is read, and buffered in a FILE object from fopen("SCRIPT"). But fgetc() did not consume entire input. exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'. (this may be libc-specific). This change of fd position *is shared with the parent*! Now parent can read more, and it thinks there is another "echo END". End result: two "echo END"s are run. Fix this by _exit()ing instead. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'shell/hush.c')
-rw-r--r--shell/hush.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/shell/hush.c b/shell/hush.c
index ab192e2cd..be5c98a20 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -1580,11 +1580,11 @@ static void hush_exit(int exitcode)
1580 } 1580 }
1581#endif 1581#endif
1582 1582
1583#if ENABLE_HUSH_JOB
1584 fflush_all(); 1583 fflush_all();
1584#if ENABLE_HUSH_JOB
1585 sigexit(- (exitcode & 0xff)); 1585 sigexit(- (exitcode & 0xff));
1586#else 1586#else
1587 exit(exitcode); 1587 _exit(exitcode);
1588#endif 1588#endif
1589} 1589}
1590 1590
@@ -6466,7 +6466,23 @@ static void dump_cmd_in_x_mode(char **argv)
6466 * Never returns. 6466 * Never returns.
6467 * Don't exit() here. If you don't exec, use _exit instead. 6467 * Don't exit() here. If you don't exec, use _exit instead.
6468 * The at_exit handlers apparently confuse the calling process, 6468 * The at_exit handlers apparently confuse the calling process,
6469 * in particular stdin handling. Not sure why? -- because of vfork! (vda) */ 6469 * in particular stdin handling. Not sure why? -- because of vfork! (vda)
6470 * Also, it was observed that on exit(), fgetc'ed buffered data
6471 * gets "unwound" by some libcs, via lseek(fd, -NUM, SEEK_CUR).
6472 * With the net effect that even after fork(), not vfork(),
6473 * exit() in NOEXECed applet in "sh SCRIPT":
6474 * noexec_applet_here
6475 * echo END_OF_SCRIPT
6476 * lseeks fd in input FILE object from EOF to "e" in "echo END_OF_SCRIPT".
6477 * This makes "echo END_OF_SCRIPT" executed twice. exexit() is the fix.
6478 */
6479#if ENABLE_FEATURE_SH_STANDALONE
6480static void exexit(void)
6481{
6482 fflush_all();
6483 _exit(xfunc_error_retval);
6484}
6485#endif
6470static void pseudo_exec_argv(nommu_save_t *nommu_save, 6486static void pseudo_exec_argv(nommu_save_t *nommu_save,
6471 char **argv, int assignment_cnt, 6487 char **argv, int assignment_cnt,
6472 char **argv_expanded) NORETURN; 6488 char **argv_expanded) NORETURN;
@@ -6547,6 +6563,7 @@ static NOINLINE void pseudo_exec_argv(nommu_save_t *nommu_save,
6547# if BB_MMU /* see above why on NOMMU it is not allowed */ 6563# if BB_MMU /* see above why on NOMMU it is not allowed */
6548 if (APPLET_IS_NOEXEC(a)) { 6564 if (APPLET_IS_NOEXEC(a)) {
6549 debug_printf_exec("running applet '%s'\n", argv[0]); 6565 debug_printf_exec("running applet '%s'\n", argv[0]);
6566 die_func = exexit;
6550 run_applet_no_and_exit(a, argv); 6567 run_applet_no_and_exit(a, argv);
6551 } 6568 }
6552# endif 6569# endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-13 18:41:05 +0000