summaryrefslogtreecommitdiff
path: root/src/misc
AgeCommit message (Collapse)AuthorLines
2018-02-25add public interface headers to implementation filesRich Felker-0/+2
general policy is that all source files defining a public API or an ABI mechanism referenced by a public header should include the public header that declares the interface, so that the compiler or analysis tools can check the consistency of the declarations. Alexander Monakov pointed out a number of violations of this principle a few years back. fix them now.
2018-02-24fix getopt wrongly treating colons in optstring as valid option charsRich Felker-1/+1
the ':' in optstring has special meaning as a flag applying to the previous option character, or to getopt's error handling behavior when it appears at the beginning. don't also accept a "-:" option based on its presence.
2018-02-23add getentropy functionRich Felker-0/+31
based loosely on patch by Hauke Mehrtens; converted to wrap the public API of the underlying getrandom function rather than direct syscalls, so that if/when a fallback implementation of getrandom is added it will automatically get picked up by getentropy too.
2018-02-05re-fix child reaping in wordexpAlexander Monakov-7/+1
Do not retry waitpid if the child was terminated by a signal. Do not examine status: since we are not passing any flags, we will not receive stop or continue notifications.
2018-01-31getopt_long: accept prefix match of long options containing equals signsSamuel Holland-1/+2
Consider the first equals sign found in the option to be the delimiter between it and its argument, even if it matches an equals sign in the option name. This avoids consuming the equals sign, which would prevent finding the argument. Instead, it forces a partial match of the part of the option name before the equals sign. Maintainer's note: GNU getopt_long does not explicitly document this behavior, but it can be seen as a consequence of how partial matches are specified, and at least GNU (bfd) ld is known to make use of it.
2018-01-31fix getopt_long arguments to partial matchesSamuel Holland-1/+3
If we find a partial option name match, we need to keep looking for ambiguous/conflicting options. However, we need to remember the position in the candidate argument to find its option-argument later, if there is one. This fixes e.g. option "foobar" being given as "--fooba=baz".
2018-01-09revise the definition of multiple basic locks in the codeJens Gustedt-1/+1
In all cases this is just a change from two volatile int to one.
2017-10-13fix incorrect base name offset from nftw when pathname ends in slash(es)Rich Felker-3/+9
the rightmost '/' character is not necessarily the delimiter before the basename; it could be a spurious trailing character on the directory name. this change does not introduce any normalization of pathnames or stripping of trailing slashes, contrary to at least glibc and perhaps other implementations; it jusst prevents their presence from breaking things. whether further changes should be made is an open question that may depend on conformance and/or application compatibility considerations. based loosely on patch by Joakim Sindholt.
2017-01-04fix getopt[_long] clobbering of optopt on successRich Felker-2/+5
getopt is only specified to modify optopt on error, and some software apparently infers an error from optopt!=0. getopt_long is changed analogously. the resulting behavior differs slightly from the behavior of the GNU implementation of getopt_long, which keeps an internal shadow copy of optopt and copies it to the public one on return, but since the GNU implementation also exhibits this shadow-copy behavior for plain getopt where is is non-conforming, I think this can reasonably be considered a bug rather than an intentional behavior that merits mimicing.
2016-10-20fix getopt_long_only misinterpreting "--" as an optionRich Felker-1/+1
2016-10-20use dynamic buffer for getmntentNatanael Copa-4/+13
overlayfs may have fairly long lines so we use getline to allocate a buffer dynamically. The buffer will be allocated on first use, expand as needed, but will never be free'ed. Downstream bug: http://bugs.alpinelinux.org/issues/5703 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
2016-05-23fix a64l undefined behavior on ILP32 archs, wrong results on LP64 archsRich Felker-3/+6
the difference of pointers is a signed type ptrdiff_t; if it is only 32-bit, left-shifting it by 30 bits produces undefined behavior. cast the difference to an appropriate unsigned type, uint32_t, before shifting to avoid this. the a64l function is specified to return a signed 32-bit result in type long. as noted in the bug report by Ed Schouten, converting implicitly from uint32_t only produces the desired result when long is a 32-bit type. since the computation has to be done in unsigned arithmetic to avoid overflow, simply cast the result to int32_t. further, POSIX leaves the behavior on invalid input unspecified but not undefined, so we should not take the difference between the potentially-null result of strchr and the base pointer without first checking the result. the simplest behavior is just returning the partial conversion already performed in this case, so do that.
2016-02-16fix unlikely corner cases in getopt's message printingRich Felker-2/+2
like fputs (see commit 10a17dfbad2c267d885817abc9c7589fc7ff630b), the message printing code for getopt assumed that fwrite only returns 0 on failure, but it can also happen on success if the total length to be written is zero. programs with zero-length argv[0] were affected. commit 500c6886c654fd45e4926990fee2c61d816be197 introduced this problem in getopt by fixing the fwrite behavior to conform to the requirements of ISO C. previously the wrong expectations of the getopt code were met by the fwrite implementation.
2015-08-21getsubopt: don't include leading = in value stringSteven Barth-1/+1
getsubopt incorrectly returns the delimiting = in the value string, this patch fixes it by increasing the pointer position by one. Signed-off-by: Steven Barth <cyrus@openwrt.org>
2015-07-09handle loss of syslog socket connectionRich Felker-7/+11
when traditional syslogd implementations are restarted, the old server socket ceases to exist and a new unix socket with the same pathname is created. when this happens, the default destination address associated with the client socket via connect is no longer valid, and attempts to send produce errors. this happens despite the socket being datagram type, and is in contrast to the behavior that would be seen with an IP datagram (UDP) socket. in order to avoid a situation where the application is unable to send further syslog messages without calling closelog, this patch makes syslog attempt to reconnect the socket when send returns an error indicating a lost connection. additionally, initial failure to connect the socket no longer results in the socket being closed. this ensures that an application which calls openlog to reserve the socket file descriptor will not run into a situation where transient connection failure (e.g. due to syslogd restart) prevents fd reservation. however, applications which may be unable to connect the socket later (e.g. due to chroot, restricted permissions, seccomp, etc.) will still fail to log if the syslog socket cannot be connected at openlog time or if it has to be reconnected later.
2015-03-15add alternate backend support for getgrouplistJosiah Worcester-24/+0
This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
2015-03-04eliminate atomics in syslog setlogmask functionRich Felker-4/+6
2015-03-03make all objects used with atomic operations volatileRich Felker-2/+2
the memory model we use internally for atomics permits plain loads of values which may be subject to concurrent modification without requiring that a special load function be used. since a compiler is free to make transformations that alter the number of loads or the way in which loads are performed, the compiler is theoretically free to break this usage. the most obvious concern is with atomic cas constructs: something of the form tmp=*p;a_cas(p,tmp,f(tmp)); could be transformed to a_cas(p,*p,f(*p)); where the latter is intended to show multiple loads of *p whose resulting values might fail to be equal; this would break the atomicity of the whole operation. but even more fundamental breakage is possible. with the changes being made now, objects that may be modified by atomics are modeled as volatile, and the atomic operations performed on them by other threads are modeled as asynchronous stores by hardware which happens to be acting on the request of another thread. such modeling of course does not itself address memory synchronization between cores/cpus, but that aspect was already handled. this all seems less than ideal, but it's the best we can do without mandating a C11 compiler and using the C11 model for atomics. in the case of pthread_once_t, the ABI type of the underlying object is not volatile-qualified. so we are assuming that accessing the object through a volatile-qualified lvalue via casts yields volatile access semantics. the language of the C standard is somewhat unclear on this matter, but this is an assumption the linux kernel also makes, and seems to be the correct interpretation of the standard.
2015-02-11fix bad character checking in wordexpRich Felker-0/+1
the character sequence '$((' was incorrectly interpreted as the opening of arithmetic even within single-quoted contexts, thereby suppressing the checks for bad characters after the closing quote. presently bad character checking is only performed when the WRDE_NOCMD is used; this patch only corrects checking in that case.
2015-01-21simplify part of getopt_longRich Felker-13/+11
as a result of commit e8e4e56a8ce1f3d7e4a027ff5478f2f8ea70c46b, the later code path for setting optarg to a null pointer is no longer necessary, and removing it eliminates an indention level and arguably makes the code more readable.
2015-01-21always set optarg in getopt_longRich Felker-1/+1
the standard getopt does not touch optarg unless processing an option with an argument. however, programs using the GNU getopt API, which we attempt to provide in getopt_long, expect optarg to be a null pointer after processing an option without an argument. before argument permutation support was added, such programs typically detected its absence and used their own replacement getopt_long, masking the discrepency in behavior.
2015-01-15for multithreaded set*id/setrlimit, handle case where callback does not runRich Felker-3/+3
in the current version of __synccall, the callback is always run, so failure to handle this case did not matter. however, the upcoming overhaul of __synccall will have failure cases, in which case the callback does not run and errno is already set. the changes being committed now are in preparation for that.
2015-01-13increase syslog message limit from 256 to 1024Rich Felker-1/+1
this addresses alpine linux issue #3692 and brings the syslog message length limit in alignment with uclibc's implementation.
2015-01-11fix regression in getopt_long support for non-option argumentsRich Felker-7/+6
commit b72cd07f176b876aa51864d93aa8101477b1d732 added support for a this feature in getopt, but it was later broken in the case where getopt_long is used as a side effect of the changes made in commit 91184c4f16b143107fa9935edebe5d2b20bd70d8, which prevented the underlying getopt call from seeing the leading '-' or '+' character in optstring. this commit changes the logic in the getopt_long core to check for a leading colon, possibly after the leading '-' or '+', without depending on the latter having been skipped by the caller. a minor incorrectness in the return value for one error condition in getopt_long is also fixed when opterr has been set to zero but optstring has no leading ':'.
2015-01-09check for connect failure in syslog log openingRich Felker-2/+6
based on patch by Dima Krasner, with minor improvements for code size. connect can fail if there is no listening syslogd, in which case a useless socket was kept open, preventing subsequent syslog call from attempting to connect again.
2014-12-21overhaul forkpty function using new login_ttyRich Felker-26/+45
based on discussion with and patches by Felix Janda. these changes started as an effort to factor forkpty in terms of login_tty, which returns an error and skips fd reassignment and closing if setting the controlling terminal failed. the previous forkpty code was unable to handle errors in the child, and did not attempt to; it just silently ignored them. but this would have been unacceptable when switching to using login_tty, since the child would start with the wrong stdin, stdout, and stderr and thereby clobber the parent's files. the new code uses the same technique as the posix_spawn implementation to convey any possible error in the child to the parent so that the parent can report failure to the caller. it is also safe against thread cancellation and against signal delivery in the child prior to the determination of success.
2014-12-20block pthread cancellation in openpty functionRich Felker-9/+14
being a nonstandard function, this isn't strictly necessary, but it's inexpensive and avoids unpleasant surprises. eventually I would like all functions in libc to be safe against cancellation, either ignoring it or acting on it cleanly.
2014-12-20don't write openpty results until success is determinedRich Felker-10/+12
not only is this semantically more correct; it also reduces code size slightly by eliminating the need for the compiler to assume the possibility of aliasing.
2014-12-20add login_tty functionFelix Janda-0/+14
2014-12-20set optopt in getopt_longRich Felker-0/+1
this is undocumented but possibly expected behavior of GNU getopt_long, and useful when error message printing has been suppressed.
2014-12-20add error message printing to getopt_long and make related improvementsRich Felker-6/+32
some related changes are also made to getopt, and the return value of getopt_long in the case of missing arguments is fixed.
2014-12-20support translation for getopt error messagesRich Felker-0/+2
2014-12-19fix stderr locking and ferror semantics in getopt message printingRich Felker-12/+16
if writing the error message fails, POSIX requires that ferror(stderr) be set. and as a function that operates on a stdio stream, getopt is required to lock the stream it uses, stderr. fwrite calls are used instead of fprintf since there is a demand from some users not to pull in heavy stdio machinery via getopt. this mimics the original code using write.
2014-12-13simplify getopt_long argv permutation loop logicRich Felker-3/+1
2014-12-13fix handling of "--" with getopt_long argv permutationRich Felker-1/+0
if argv permutation is used, the option terminator "--" should be moved before any skipped non-option arguments rather than being left in the argv tail where the caller will see and interpret it.
2014-12-11accept null longopts pointer in getopt_longRich Felker-1/+1
this is an undocumented feature of GNU getopt_long that the BSD version also mimics, and is reportedly needed by some programs.
2014-12-10fix getopt handling of initial '+' in optstringRich Felker-1/+1
in the case where an initial '+' was passed in optstring (a getopt_long feature to suppress argv permutation), getopt would fail to see a possible subsequent ':', resulting in incorrect handling of missing arguments.
2014-12-10support abbreviated options in getopt_longRich Felker-7/+18
2014-12-10support options after non-option arguments in getopt_long (argv permutation)Rich Felker-0/+39
2014-12-04fix getopt handling of ':' modifier for multibyte option charactersRich Felker-4/+9
the previous hard-coded offsets of +1 and +2 contained a hidden assumption that the option character matched was single-byte, despite this implementation of getopt attempting to support multibyte option characters. this patch reworks the matching logic to leave the final index pointing just past the matched character so that fixed offsets can be used to check for ':'.
2014-12-02add support for non-option arguments extension to getoptGianluca Anzolin-4/+20
this is a GNU extension, activated by including '-' as the first character of the options string, whereby non-option arguments are processed as if they were arguments to an option character '\1' rather than ending option processing.
2014-11-15getopt: fix optional argument processingFelix Fietkau-2/+2
Processing an option character with optional argument fails if the option is last on the command line. This happens because the if (optind >= argc) check runs first before testing for optional argument.
2014-08-08make endmntent function handle null argumentTimo Teräs-1/+1
The function originates from SunOS 4.x in which the null argument is allowed. glibc also handles this case.
2014-07-31implement ffsl and ffsll functionsRich Felker-0/+14
per the resolution of Austin Group issue #617, these are accepted for XSI option in POSIX future and thus I'm treating them as standard functions.
2014-07-19add issetugid function to check for elevated privilegeBrent Cook-0/+7
this function provides a way for third-party library code to use the same logic that's used internally in libc for suppressing untrusted input/state (e.g. the environment) when the application is running with privleges elevated by the setuid or setgid bit or some other mechanism. its semantics are intended to match the openbsd function by the same name. there was some question as to whether this function is necessary: getauxval(AT_SECURE) was proposed as an alternative. however, this has several drawbacks. the most obvious is that it asks programmers to be aware of an implementation detail of ELF-based systems (the aux vector) rather than simply the semantic predicate to be checked. and trying to write a safe, reliable version of issetugid in terms of getauxval is difficult. for example, early versions of the glibc getauxval did not report ENOENT, which could lead to false negatives if AT_SECURE was not present in the aux vector (this could probably only happen when running on non-linux kernels under linux emulation, since glibc does not support linux versions old enough to lack AT_SECURE). as for musl, getauxval has always properly reported errors, but prior to commit 7bece9c2095ee81f14b1088f6b0ba2f37fecb283, the musl implementation did not emulate AT_SECURE if missing, which would result in a false positive. since musl actually does partially support kernels that lack AT_SECURE, this was problematic. the intent is that library authors will use issetugid if its availability is detected at build time, and only fall back to the unreliable alternatives on systems that lack it. patch by Brent Cook. commit message/rationale by Rich Felker.
2014-07-17provide getauxval(AT_SECURE) even if it is missing from the aux vectorRich Felker-0/+1
this could happen on 2.4-series linux kernels that predate AT_SECURE and possibly on other kernels that are emulating the linux syscall API but not providing AT_SECURE in the aux vector at startup. in principle applications should be checking errno anyway, but this does not really work. to be secure, the caller would have to treat ENOENT (indeterminate result) as possibly-suid and thereby disable functionality in the typical non-suid usage case. and since glibc only runs on kernels that provide AT_SECURE, applications written to the glibc getauxval API might simply assume it succeeds.
2014-07-11implement the LOG_CONS option in syslogRich Felker-1/+9
this was previously a no-op, somewhat intentionally, because I failed to understand that it only has an effect when sending to the logging facility fails and thus is not the nuisance that it would be if always sent output to the console.
2014-07-11suppress early syslog return when log socket cannot be openedRich Felker-4/+1
this behavior is no longer valid in general, and was never necessary. if the LOG_PERROR option is set, output to stderr could still succeed. also, when the LOG_CONS option is added, it will need syslog to proceed even if opening the log socket fails.
2014-07-11implement the LOG_PERROR option in syslogRich Felker-2/+4
this is a nonstandard feature, but easy and inexpensive to add. since the corresponding macro has always been defined in our syslog.h, it makes sense to actually support it. applications may reasonably be using the presence of the macro to assume that the feature is supported. the behavior of omitting the 'header' part of the log message does not seem to be well-documented, but matches other implementations (at least glibc) which have this option. based on a patch by Clément Vasseur, but simplified using %n.
2014-07-11fix the %m specifier in syslogClément Vasseur-0/+3
errno must be saved upon vsyslog entry, otherwise its value could be changed by some libc function before reaching the %m handler in vsnprintf.