diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2022-09-01 15:21:29 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2022-09-01 15:21:29 +0000 |
| commit | 70ae1873615ab6a46b0008d8ed4c7ea153830fd9 (patch) | |
| tree | 6ffe565293ec572308c9e85da5b9d9ef06a209e7 /usr.bin | |
| parent | 36b21fa25500f8cfb71ca4a0d5d5c098a93b7eb3 (diff) | |
Update awk to Aug 30, 2022 version.
Various leaks and use-after-free issues plugged/fixed.
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/awk/FIXES | 7 | ||||
| -rw-r--r-- | usr.bin/awk/awk.h | 4 | ||||
| -rw-r--r-- | usr.bin/awk/awkgram.y | 37 | ||||
| -rw-r--r-- | usr.bin/awk/lex.c | 6 | ||||
| -rw-r--r-- | usr.bin/awk/lib.c | 3 | ||||
| -rw-r--r-- | usr.bin/awk/main.c | 4 | ||||
| -rw-r--r-- | usr.bin/awk/run.c | 16 |
7 files changed, 46 insertions, 31 deletions
diff --git a/usr.bin/awk/FIXES b/usr.bin/awk/FIXES index e5ee5cfc803..ec76a4ee1b8 100644 --- a/usr.bin/awk/FIXES +++ b/usr.bin/awk/FIXES @@ -23,8 +23,11 @@ THIS SOFTWARE. ****************************************************************/ This file lists all bug fixes, changes, etc., made since the AWK book -was sent to the printers in August, 1987. +was sent to the printers in August 1987. +Aug 30, 2022: + Various leaks and use-after-free issues plugged/fixed. + Thanks to Miguel Pineiro Jr. <mpj@pineiro.cc>. May 23, 2022: Memory leak when assigning a string to some of the built-in @@ -326,7 +329,7 @@ Mar 3, 2019: #12: Avoid undefined behaviour when using ctype(3) functions in relex(). Thanks to GitHub user iamleot. #31: Make getline handle numeric strings, and update FIXES. Thanks - to GitHub user arnoldrobbins. + to GitHub user Arnold Robbins (arnoldrobbins) #32: maketab: support build systems with read-only source. Thanks to GitHub user enh. diff --git a/usr.bin/awk/awk.h b/usr.bin/awk/awk.h index 25dfec2fcc4..1c389ce8c20 100644 --- a/usr.bin/awk/awk.h +++ b/usr.bin/awk/awk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: awk.h,v 1.27 2020/08/28 16:29:16 millert Exp $ */ +/* $OpenBSD: awk.h,v 1.28 2022/09/01 15:21:28 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -38,7 +38,7 @@ typedef double Awkfloat; typedef unsigned char uschar; -#define xfree(a) { if ((a) != NULL) { free((void *)(intptr_t)(a)); (a) = NULL; } } +#define xfree(a) { free((void *)(intptr_t)(a)); (a) = NULL; } /* * We sometimes cheat writing read-only pointers to NUL-terminate them * and then put back the original value diff --git a/usr.bin/awk/awkgram.y b/usr.bin/awk/awkgram.y index 4d76c9d5e22..f9a5330078b 100644 --- a/usr.bin/awk/awkgram.y +++ b/usr.bin/awk/awkgram.y @@ -1,4 +1,4 @@ -/* $OpenBSD: awkgram.y,v 1.14 2020/06/13 01:21:01 millert Exp $ */ +/* $OpenBSD: awkgram.y,v 1.15 2022/09/01 15:21:28 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -207,9 +207,10 @@ ppattern: { $$ = op2(AND, notnull($1), notnull($3)); } | ppattern MATCHOP reg_expr { $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); } | ppattern MATCHOP ppattern - { if (constnode($3)) + { if (constnode($3)) { $$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0)); - else + free($3); + } else $$ = op3($2, (Node *)1, $1, $3); } | ppattern IN varname { $$ = op2(INTEST, $1, makearr($3)); } | '(' plist ')' IN varname { $$ = op2(INTEST, $2, makearr($5)); } @@ -234,9 +235,10 @@ pattern: | pattern NE pattern { $$ = op2($2, $1, $3); } | pattern MATCHOP reg_expr { $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); } | pattern MATCHOP pattern - { if (constnode($3)) + { if (constnode($3)) { $$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0)); - else + free($3); + } else $$ = op3($2, (Node *)1, $1, $3); } | pattern IN varname { $$ = op2(INTEST, $1, makearr($3)); } | '(' plist ')' IN varname { $$ = op2(INTEST, $2, makearr($5)); } @@ -379,17 +381,19 @@ term: | GENSUB '(' reg_expr comma pattern comma pattern ')' { $$ = op5(GENSUB, NIL, (Node*)makedfa($3, 1), $5, $7, rectonode()); } | GENSUB '(' pattern comma pattern comma pattern ')' - { if (constnode($3)) + { if (constnode($3)) { $$ = op5(GENSUB, NIL, (Node *)makedfa(strnode($3), 1), $5, $7, rectonode()); - else + free($3); + } else $$ = op5(GENSUB, (Node *)1, $3, $5, $7, rectonode()); } | GENSUB '(' reg_expr comma pattern comma pattern comma pattern ')' { $$ = op5(GENSUB, NIL, (Node*)makedfa($3, 1), $5, $7, $9); } | GENSUB '(' pattern comma pattern comma pattern comma pattern ')' - { if (constnode($3)) + { if (constnode($3)) { $$ = op5(GENSUB, NIL, (Node *)makedfa(strnode($3),1), $5,$7,$9); - else + free($3); + } else $$ = op5(GENSUB, (Node *)1, $3, $5, $7, $9); } | GETLINE var LT term { $$ = op3(GETLINE, $2, itonp($3), $4); } @@ -405,9 +409,10 @@ term: | MATCHFCN '(' pattern comma reg_expr ')' { $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa($5, 1)); } | MATCHFCN '(' pattern comma pattern ')' - { if (constnode($5)) + { if (constnode($5)) { $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa(strnode($5), 1)); - else + free($5); + } else $$ = op3(MATCHFCN, (Node *)1, $3, $5); } | NUMBER { $$ = celltonode($1, CCON); } | SPLIT '(' pattern comma varname comma pattern ')' /* string */ @@ -421,16 +426,18 @@ term: | subop '(' reg_expr comma pattern ')' { $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, rectonode()); } | subop '(' pattern comma pattern ')' - { if (constnode($3)) + { if (constnode($3)) { $$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, rectonode()); - else + free($3); + } else $$ = op4($1, (Node *)1, $3, $5, rectonode()); } | subop '(' reg_expr comma pattern comma var ')' { $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, $7); } | subop '(' pattern comma pattern comma var ')' - { if (constnode($3)) + { if (constnode($3)) { $$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, $7); - else + free($3); + } else $$ = op4($1, (Node *)1, $3, $5, $7); } | SUBSTR '(' pattern comma pattern comma pattern ')' { $$ = op3(SUBSTR, $3, $5, $7); } diff --git a/usr.bin/awk/lex.c b/usr.bin/awk/lex.c index 42feeae9962..39c9a05abf1 100644 --- a/usr.bin/awk/lex.c +++ b/usr.bin/awk/lex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lex.c,v 1.27 2020/12/09 20:00:11 millert Exp $ */ +/* $OpenBSD: lex.c,v 1.28 2022/09/01 15:21:28 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -536,7 +536,7 @@ int regexpr(void) char *bp, *cstart; if (buf == NULL && (buf = (char *) malloc(bufsz)) == NULL) - FATAL("out of space for rex expr"); + FATAL("out of space for reg expr"); bp = buf; for ( ; ((c = input()) != '/' || openclass > 0) && c != 0; ) { if (!adjbuf(&buf, &bufsz, bp-buf+3, 500, &bp, "regexpr")) @@ -579,7 +579,7 @@ int regexpr(void) *bp = 0; if (c == 0) SYNTAX("non-terminated regular expression %.10s...", buf); - yylval.s = tostring(buf); + yylval.s = buf; unput('/'); RET(REGEXPR); } diff --git a/usr.bin/awk/lib.c b/usr.bin/awk/lib.c index 0b58ed55e5a..87cc78ea58a 100644 --- a/usr.bin/awk/lib.c +++ b/usr.bin/awk/lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lib.c,v 1.48 2022/06/03 19:42:27 millert Exp $ */ +/* $OpenBSD: lib.c,v 1.49 2022/09/01 15:21:28 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -311,6 +311,7 @@ void setclvar(char *s) /* set var=value from s */ q->tval |= NUM; } DPRINTF("command line set %s to |%s|\n", s, p); + free(p); *e = '='; } diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c index 6ce4ed58d4b..6edec091924 100644 --- a/usr.bin/awk/main.c +++ b/usr.bin/awk/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.54 2022/06/03 19:46:09 millert Exp $ */ +/* $OpenBSD: main.c,v 1.55 2022/09/01 15:21:28 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -23,7 +23,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ****************************************************************/ -const char *version = "version 20220530"; +const char *version = "version 20220830"; #define DEBUG #include <stdio.h> diff --git a/usr.bin/awk/run.c b/usr.bin/awk/run.c index 860911acc40..055159584c4 100644 --- a/usr.bin/awk/run.c +++ b/usr.bin/awk/run.c @@ -1,4 +1,4 @@ -/* $OpenBSD: run.c,v 1.72 2022/06/03 19:40:56 millert Exp $ */ +/* $OpenBSD: run.c,v 1.73 2022/09/01 15:21:28 millert Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -972,8 +972,10 @@ int format(char **pbuf, int *pbufsize, const char *s, Node *a) /* printf-like co } *p = '\0'; free(fmt); - for ( ; a; a = a->nnext) /* evaluate any remaining args */ - execute(a); + for ( ; a; a = a->nnext) { /* evaluate any remaining args */ + x = execute(a); + tempfree(x); + } *pbuf = buf; *pbufsize = bufsize; return p - buf; @@ -1269,6 +1271,7 @@ Cell *split(Node **a, int nnn) /* split(a[0], a[1], a[2]); a[3] is type */ origs = s = strdup(getsval(y)); if (s == NULL) FATAL("out of space in split"); + tempfree(y); arg3type = ptoi(a[3]); if (a[2] == NULL) /* fs string */ fs = getsval(fsloc); @@ -1391,7 +1394,6 @@ Cell *split(Node **a, int nnn) /* split(a[0], a[1], a[2]); a[3] is type */ } } tempfree(ap); - tempfree(y); xfree(origs); xfree(origfs); x = gettemp(); @@ -1836,8 +1838,10 @@ Cell *bltin(Node **a, int n) /* builtin functions. a[0] is type, a[1] is arg lis setfval(x, u); if (nextarg != NULL) { WARNING("warning: function has too many arguments"); - for ( ; nextarg; nextarg = nextarg->nnext) - execute(nextarg); + for ( ; nextarg; nextarg = nextarg->nnext) { + y = execute(nextarg); + tempfree(y); + } } return(x); } |