BusyBox mirror
 
 
 
 
 
 
Go to file
Denys Vlasenko 5ac04f2f02 ash: [EXPAND] Fix ifsfirst/ifslastp leak
Upstream commit:

    Date: Wed, 8 Sep 2010 20:07:26 +0800
    [EXPAND] Fix ifsfirst/ifslastp leak

    As it stands expandarg may return with a non-NULL ifslastp which
    then confuses any subsequent ifsbreakup user that doesn't clear
    it directly.

    What's worse, if we get interrupted before we hit ifsfree in
    expandarg we will leak memory.

    This patch fixes this by always calling ifsfree in expandarg
    thus ensuring that ifslastp is always NULL on the normal path.
    It also adds an ifsfree call to the RESET path to ensure that
    memory isn't leaked.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Fallout 1:

    Date: Mon, 18 Oct 2010 10:55:42 +0800
    [EXPAND] Fix ifsfirst/ifslastp leak in casematch

    The commit f42e443bb511ed3224f09b4fcf0772438ebdbbfa

        [EXPAND] Fix ifsfirst/ifslastp leak

    revealed yet another ifsfirst/ifslastp leak in casematch.
    Previously it was hidden because ifsfirst/ifslastp was cleared
    unconditionally on entry (which caused the leakage of those
    entries).

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Fallout 2:

    Date: Sun, 28 Nov 2010 21:09:51 +0800
    [EXPAND] Free IFS state in evalbackcmd

    On Sun, Nov 07, 2010 at 04:04:20PM -0600, Jonathan Nieder wrote:
    > Herbert Xu wrote:
    > > commit f42e443bb511ed3224f09b4fcf0772438ebdbbfa
    > > Author: Herbert Xu <herbert@gondor.apana.org.au>
    > > Date:   Wed Sep 8 20:07:26 2010 +0800
    > >
    > >     [EXPAND] Fix ifsfirst/ifslastp leak
    >
    > Another puzzle bisecting to f42e443bb.  This one comes from the
    > grub-mkconfig script:
    >
    >  $ sh -c 'datadir=/usr/share; pkgdatadir=${datadir}/`cat`' 2>&1 | cat -A
    >  cat: M-^\^M^F^HM-4^M^F^HM-(^M^F^H: No such file or directory$
    >  cat: M-(^M^F^H: No such file or directory$
    >
    > Still reproducible with 016b529.  I'll try to find time to look into
    > it, but thought you might like to know nevertheless.

    This is the symptom of another leak.  In this case evalbackcmd
    occurs in the middle of an expansion (as it should) but the forked
    child never clears the previous IFS state.

    This patch adds the missing ifsfree call.

    This wasn't as much of a problem as the previously discovered leaks
    since all it means is that the child gets to carry around the parent's
    expansion state and the child is usually short-lived.

    Reported-by: Jonathan Nieder <jrnieder@gmail.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Fallout 3:

    Date: Tue, 15 Mar 2011 16:01:34 +0800
    [EXPAND] Free IFS state after here document expansion

    Here's another bug bisecting to f42e443bb ([EXPAND] Fix
    ifsfirst/ifslastp leak, 2010-09-08).  It was found with the following
    test case, based on the configure script for Tracker:

        dash -x -c '
                <<-_ACEOF
                $@
                _ACEOF
                exec
        ' - abcdefgh
        +
        + exec   ?a
        exec: 1: : Permission denied

    The missing ifsfree call is in expandarg when it returns to openhere
    during here document expansion.

    Reported-by: Aurelien Jarno <aurel32@debian.org>
    Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

function                                             old     new   delta
ifsfree                                                -      66     +66
ash_main                                            1490    1495      +5
argstr                                              1154    1159      +5
evalcase                                             275     270      -5
expandarg                                            972     888     -84
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/2 up/down: 76/-89)            Total: -13 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-10-27 14:46:50 +02:00
applets build system: always rewrite NUM_APPLETS.h 2016-08-23 20:21:36 +02:00
applets_sh applets_sh/*: Add a few more examples of "shell applets" 2012-02-09 18:23:33 +01:00
arch/i386 add comment why preferred stack boundary is 4 on i386 2007-07-23 21:05:06 +00:00
archival cpio: fix restoration of file ownership, closes 9306 2016-10-12 20:56:46 +02:00
configs traceroute: cleanup and fixes for packet size calculations 2016-09-28 18:44:48 +02:00
console-tools *: hopefully all setup_common_bufsiz() are in place 2016-04-21 18:38:51 +02:00
coreutils test: fix compile error in last commit 2016-10-02 02:35:13 +02:00
debianutils getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LIST 2016-07-06 21:58:02 +02:00
docs docs: Update filenames in keep_data_small.txt 2016-08-22 20:15:50 +02:00
e2fsprogs *: slap on a few ALIGN1/2s where appropriate 2016-04-22 18:09:21 +02:00
editors awk: fix segfault on for loop syntax error 2016-10-24 02:09:56 +02:00
examples examples: update var_service/README again 2016-10-14 19:02:11 +02:00
findutils fix "aloc" -> "alloc" typos 2016-09-17 20:58:22 +02:00
include libbb: do not use fflush_unlocked, musl does not like fflush_unlocked(NULL) 2016-09-18 21:49:30 +02:00
init init: fix for FreeBSD console opening. Closes 9031 2016-08-22 20:56:58 +02:00
libbb lineedit: fix completion with applet names. closes 9361 2016-10-24 01:25:05 +02:00
libpwdgrp libbb: make parse_chown_usergroup_or_die() set unspecified uid/gid to -1 2015-10-19 04:37:19 +02:00
loginutils getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LIST 2016-07-06 21:58:02 +02:00
mailutils sendmail: make it possible to pause after connection helper is started 2016-09-07 13:16:33 +02:00
miscutils strings: implement -t radix 2016-10-24 21:52:10 +02:00
modutils modutils: support finit_module syscall 2016-09-15 12:16:33 +02:00
networking udhcpc: check read of overload option data byte to be within packet 2016-10-25 14:26:36 +02:00
printutils printutils/*: convert to new-style "one file" applets 2015-10-19 00:45:46 +02:00
procps top: move free(prev_hist) out of signal path 2016-08-19 11:07:31 +02:00
qemu_multiarch_testing qemu_multiarch_testing/README: add a list of qemu's needed 2015-10-20 12:58:37 +02:00
runit svlogd: strip leading '!' from processor lines 2016-09-15 14:05:04 +02:00
scripts trylink: use "mktemp tmp.XXXXXXXXXX" to placate OS X 2016-07-12 13:54:35 +02:00
selinux getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LIST 2016-07-06 21:58:02 +02:00
shell ash: [EXPAND] Fix ifsfirst/ifslastp leak 2016-10-27 14:46:50 +02:00
sysklogd getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LIST 2016-07-06 21:58:02 +02:00
testsuite awk: fix segfault on for loop syntax error 2016-10-24 02:09:56 +02:00
util-linux more: accept and ignore a bunch of options 2016-10-11 15:29:38 +02:00
.gitignore Makefile: fix cscope target 2014-12-31 21:29:05 +01:00
.indent.pro First revision of the Busybox Style Guide and an accompanying .indent.pro 2000-07-24 22:36:06 +00:00
AUTHORS AUTHORS: Add myself to AUTHORS 2016-09-22 11:25:02 +02:00
Config.in Make busybox an optional applet 2016-05-31 02:44:34 +02:00
INSTALL Tweak INSTALL text 2012-04-17 12:28:13 +02:00
LICENSE LICENSE: update address of the FSF 2009-05-06 05:28:53 -04:00
Makefile Start 1.26.0 development cycle 2016-06-22 03:10:21 +02:00
Makefile.custom applets: Add installation of individual binaries 2015-07-01 19:10:03 +02:00
Makefile.flags build: add a sanitizer debug option 2016-02-12 22:12:47 -05:00
Makefile.help build system: "make hosttools" doesn't exist, remove it from "make help" 2014-01-09 11:03:46 +01:00
README typo fix 2015-05-03 18:24:33 +02:00
TODO TODO file: remove mpstat, iostat, powertop - we have them now 2015-11-04 19:39:54 +01:00
TODO_unicode ls: unicode fixes 2010-01-31 05:15:38 +01:00

README

Please see the LICENSE file for details on copying and usage.
Please refer to the INSTALL file for instructions on how to build.

What is busybox:

  BusyBox combines tiny versions of many common UNIX utilities into a single
  small executable.  It provides minimalist replacements for most of the
  utilities you usually find in bzip2, coreutils, dhcp, diffutils, e2fsprogs,
  file, findutils, gawk, grep, inetutils, less, modutils, net-tools, procps,
  sed, shadow, sysklogd, sysvinit, tar, util-linux, and vim.  The utilities
  in BusyBox often have fewer options than their full-featured cousins;
  however, the options that are included provide the expected functionality
  and behave very much like their larger counterparts.

  BusyBox has been written with size-optimization and limited resources in
  mind, both to produce small binaries and to reduce run-time memory usage.
  Busybox is also extremely modular so you can easily include or exclude
  commands (or features) at compile time.  This makes it easy to customize
  embedded systems; to create a working system, just add /dev, /etc, and a
  Linux kernel.  Busybox (usually together with uClibc) has also been used as
  a component of "thin client" desktop systems, live-CD distributions, rescue
  disks, installers, and so on.

  BusyBox provides a fairly complete POSIX environment for any small system,
  both embedded environments and more full featured systems concerned about
  space.  Busybox is slowly working towards implementing the full Single Unix
  Specification V3 (http://www.opengroup.org/onlinepubs/009695399/), but isn't
  there yet (and for size reasons will probably support at most UTF-8 for
  internationalization).  We are also interested in passing the Linux Test
  Project (http://ltp.sourceforge.net).

----------------

Using busybox:

  BusyBox is extremely configurable.  This allows you to include only the
  components and options you need, thereby reducing binary size.  Run 'make
  config' or 'make menuconfig' to select the functionality that you wish to
  enable.  (See 'make help' for more commands.)

  The behavior of busybox is determined by the name it's called under: as
  "cp" it behaves like cp, as "sed" it behaves like sed, and so on.  Called
  as "busybox" it takes the second argument as the name of the applet to
  run (I.E. "./busybox ls -l /proc").

  The "standalone shell" mode is an easy way to try out busybox; this is a
  command shell that calls the built-in applets without needing them to be
  installed in the path.  (Note that this requires /proc to be mounted, if
  testing from a boot floppy or in a chroot environment.)

  The build automatically generates a file "busybox.links", which is used by
  'make install' to create symlinks to the BusyBox binary for all compiled in
  commands.  This uses the CONFIG_PREFIX environment variable to specify
  where to install, and installs hardlinks or symlinks depending
  on the configuration preferences.  (You can also manually run
  the install script at "applets/install.sh").

----------------

Downloading the current source code:

  Source for the latest released version, as well as daily snapshots, can always
  be downloaded from

    http://busybox.net/downloads/

  You can browse the up to the minute source code and change history online.

    http://git.busybox.net/busybox/

  Anonymous GIT access is available.  For instructions, check out:

    http://www.busybox.net/source.html

  For those that are actively contributing and would like to check files in,
  see:

    http://busybox.net/developer.html

  The developers also have a bug and patch tracking system
  (https://bugs.busybox.net) although posting a bug/patch to the mailing list
  is generally a faster way of getting it fixed, and the complete archive of
  what happened is the git changelog.

  Note: if you want to compile busybox in a busybox environment you must
  select CONFIG_DESKTOP.

----------------

Getting help:

  when you find you need help, you can check out the busybox mailing list
  archives at http://busybox.net/lists/busybox/ or even join
  the mailing list if you are interested.

----------------

Bugs:

  if you find bugs, please submit a detailed bug report to the busybox mailing
  list at busybox@busybox.net.  a well-written bug report should include a
  transcript of a shell session that demonstrates the bad behavior and enables
  anyone else to duplicate the bug on their own machine. the following is such
  an example:

    to: busybox@busybox.net
    from: diligent@testing.linux.org
    subject: /bin/date doesn't work

    package: busybox
    version: 1.00

    when i execute busybox 'date' it produces unexpected results.
    with gnu date i get the following output:

	$ date
	fri oct  8 14:19:41 mdt 2004

    but when i use busybox date i get this instead:

	$ date
	illegal instruction

    i am using debian unstable, kernel version 2.4.25-vrs2 on a netwinder,
    and the latest uclibc from cvs.

	-diligent

  note the careful description and use of examples showing not only what
  busybox does, but also a counter example showing what an equivalent app
  does (or pointing to the text of a relevant standard).  Bug reports lacking
  such detail may never be fixed...  Thanks for understanding.

----------------

Portability:

  Busybox is developed and tested on Linux 2.4 and 2.6 kernels, compiled
  with gcc (the unit-at-a-time optimizations in version 3.4 and later are
  worth upgrading to get, but older versions should work), and linked against
  uClibc (0.9.27 or greater) or glibc (2.2 or greater).  In such an
  environment, the full set of busybox features should work, and if
  anything doesn't we want to know about it so we can fix it.

  There are many other environments out there, in which busybox may build
  and run just fine.  We just don't test them.  Since busybox consists of a
  large number of more or less independent applets, portability is a question
  of which features work where.  Some busybox applets (such as cat and rm) are
  highly portable and likely to work just about anywhere, while others (such as
  insmod and losetup) require recent Linux kernels with recent C libraries.

  Earlier versions of Linux and glibc may or may not work, for any given
  configuration.  Linux 2.2 or earlier should mostly work (there's still
  some support code in things like mount.c) but this is no longer regularly
  tested, and inherently won't support certain features (such as long files
  and --bind mounts).  The same is true for glibc 2.0 and 2.1: expect a higher
  testing and debugging burden using such old infrastructure.  (The busybox
  developers are not very interested in supporting these older versions, but
  will probably accept small self-contained patches to fix simple problems.)

  Some environments are not recommended.  Early versions of uClibc were buggy
  and missing many features: upgrade.  Linking against libc5 or dietlibc is
  not supported and not interesting to the busybox developers.  (The first is
  obsolete and has no known size or feature advantages over uClibc, the second
  has known bugs that its developers have actively refused to fix.)  Ancient
  Linux kernels (2.0.x and earlier) are similarly uninteresting.

  In theory it's possible to use Busybox under other operating systems (such as
  MacOS X, Solaris, Cygwin, or the BSD Fork Du Jour).  This generally involves
  a different kernel and a different C library at the same time.  While it
  should be possible to port the majority of the code to work in one of
  these environments, don't be surprised if it doesn't work out of the box.  If
  you're into that sort of thing, start small (selecting just a few applets)
  and work your way up.

  In 2005 Shaun Jackman has ported busybox to a combination of newlib
  and libgloss, and some of his patches have been integrated.

Supported hardware:

  BusyBox in general will build on any architecture supported by gcc.  We
  support both 32 and 64 bit platforms, and both big and little endian
  systems.

  Under 2.4 Linux kernels, kernel module loading was implemented in a
  platform-specific manner.  Busybox's insmod utility has been reported to
  work under ARM, CRIS, H8/300, x86, ia64, x86_64, m68k, MIPS, PowerPC, S390,
  SH3/4/5, Sparc, and v850e.  Anything else probably won't work.

  The module loading mechanism for the 2.6 kernel is much more generic, and
  we believe 2.6.x kernel module loading support should work on all
  architectures supported by the kernel.

----------------

Please feed suggestions, bug reports, insults, and bribes back to the busybox
mailing list:

	busybox@busybox.net

and/or maintainer:

	Denys Vlasenko
	<vda.linux@googlemail.com>