| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
* tests/018/close-lazy.tl: New file.
|
|
|
|
|
|
| |
* tests/018/noclose.txr: New file.
* tests/018.noclose.expected: New file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attacks are possible via /proc/<pid>/fd/<n> involving
a deleted file, whereby the link target changes from
"/path/to/file" to "/path/to/file (deleted)", which
can be perpetrated by a different user, not related
to process <pid>, who has access to perform
unlink("/path/to/file").
* stdlib/path-test.tl (safe-abs-path): Perform the
pattern check regardless of effective user ID.
* tests/018/path-safe.tl: Test cases adjusted.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a Linux system, it's possible for an unprivileged
user to create a root symlink pointing to any directory,
simply by changing to that directory and running a setuid
executable like "su". That executable will get a process
whose /proc/<pid> directory is root owned, and contains
a symlink named cwd pointing to the current directory.
Other symlinks under /proc look exploitable in this way.
* stdlib/path-test.tl (safe-abs-path): New function.
Here is where we are going to check for unsafe paths.
We use some pattern matching to recognize various unsafe
symlinks under /proc.
(path-components-safe): Simplify code around recognition
of absolute paths. When an absolute path is read from
a symlink, remove the first empty component. Pass every
absolute path through safe-abs-path to check for known
unsafe paths.
* tests/018/path-safe.tl: New tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* autoload.c (path_test_set_entries): Autoload on
path-components-safe symbol.
* stdlib/path-test.tl (if-windows, if-native-windows):
New system macros.
(path-safe-sticky-dir): New system function.
(path-components-safe): New function.
* tests/018/path-safe.tl: New file.'
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (pipe_close_status_helper): New function,
factored out of pipe_close and used by it, and
also by gzio_close.
(pipe_close): Call pipe_close, which now contains
the classification of process wait status codes.
(open_fileno): Now takes optional pid argument.
If this specified, then make_pipevp_stream is used.
(open_subprocess): Use the open_fileno function, rather than
fopen. This simplifies things too, except that we have to
catch exception. Pass pid to the newly added parameter of
open_fileno so that we obtain a proper pipe stream that will
wait for the process to terminate when closed.
(mkstemp_wrap): Pass nil for pid argument of open_fileno.
(stream_init): Update registration of open-fileno.
* gzio.c (struct gzio_handle): New member, pid.
(gzio_close): If there is a nonzero pid, wait for the
process to terminate.
(make_gzio_stream): Initialize h->pid to zero.
(make_gzio_pipe_stream): New function.
* parser.c (lino_fdopen): Pass nil for pid argument
of open_fileno.
* gzio.h (make_gzio_pipe_stream): Declared.
* tests/018/gzip.tl: New test.
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (sh): Use a single definition for this function,
which uses the shell and shell_arg variables to use
either /bin/sh -c or cmd.exe /c. We only want to use
cmd.exe when running as a Windows native program on Cygnal.
* tests/018/process.tl: Remove workaround from test case.
This is what was causing the weirdness.
|
|
|
|
| |
* tests/018/gzip.tl: New file.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (trim_path_seps): New function.
(stream_init): trim-path-seps intrinsic registered.
* stream.c (trim_path_seps): Declared.
* tests/018/path.tl: New tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/017/str-s.tl: Use (libc) not nil in with-dyn-lib.
* tests/018/forkflush.tl: On Cygwin, produce canned output for first
test case, because the real test case produces some DOS line endings
that cause a mismatch.
* tests/019/load-search.tl: Skip test case involving a directory
with bad permissions being in the load search path.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test case exemplifies code that will work as expected
when *stdout* is a TTY device, such that line buffering is
in effect, but then break when standard output is redirected
to a file.
The issue is that the controlling process is not flushing its
standard output when calling the external script, so the
script's output gets placed ahead of the process' own earlier
output.
* tests/018/forkflush.tl: New file.
* tests/018/forkflush.expected: New file.
|
|
|
|
| |
* tests/018/combine-tlo.tl: New file.
|
|
|
|
|
|
|
|
|
| |
* stdlib/copy-file.tl (path-simplify): If the incoming path's
first component is "", it is absolute; in that case swallow
any components that go above.
* tests/018/path-equal.tl: Uncomment two previously failing
tests.
|
|
|
|
|
|
|
|
|
|
| |
* pic.tl (add-neg-parens): New system function.
(expand-neg-parens): New macro.
(expand-pic): New numeric pattern with parentheses.
Also suport escaping of parentheses.
(pic): Recognize parenthesized numeric pattern here also.
* tests/018/format.tl: New tests.
|
|
|
|
| |
* tests/018/format.tl: New test cases.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pic.tl (expand-pic-num): If the overflowing field specifies
a decimal point other than in the rightmost position, then
stick one into the fill pattern. The motivation for this is
that it harmonizes with the digit separators. The new digit
separator insertion logic will treat the # characters like
digits, and requires the embedded decimal in order to work
properly. Allowing digit separation to work in the fill
pattern will make for better looking output in column
displays. That's the same reason why we insert digit
separators among leading zeros.
* tests/018/format.tl: Overflow test cases updated in
light of this requirement change.
* txr.1: Documented.
|
|
|
|
|
|
|
|
|
|
| |
* lisplib.c (copy_file_set_entries): Add path-equal to autoload symbols.
* stdlib/copy-file.tl (path-equal): New function.
* tests/018/path-equal.tl: New file.
* txr.1: Documented.
|
|
|
|
|
|
|
| |
* stream.c (run): replace_env takes only one argument.
* tests/018/process.tl: *child-env* tests are reporting some extra
environment variables on Windows; let's just disable them.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This specifies the environment to be used for executing
programs.
* stream.c (open_subprocess, run): Check *child-env* variable and if
other than t, then install the environment before execvp.
In the spawn-based version of run, we save and restore the
environment around the spawn call, if *child-env* is in
effect.
* sysif.c (child_env_s): New symbol variable.
(exec_wrap): If *child-env* is other than t, then save the
environment in a list, and install the specified environment
before calling execvp. If that function returns, restore the
environbment.
* sysif.h (child_env_s): Declared.
(child_env): New macro.
* tests/018/process.tl: New tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new function:
- just returns the name if it contains path name components.
- returns nil if the name is "." or "..".
- tests for existence only, not permission to execute.
* lisplib.c (path_test_set_entries): Do not auto-load path-test
module on the path-search symbol, since it is no longer implemented
there.
* stdlib/path-test.tl (path-search): Function removed.
* stream.c (path_var_sep_char): New global variable.
(path_search): New function.
(detect_path_separators): Also set path_var_sep_char to semicolon
on Cygnal.
(stream-init): Register path-search intrinsic here now.
* stream.h (path_var_sep_char, path_search): Declared.
* tests/018/path-test.tl: New tests.
* txr.1: Documentation revised for path-search.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Basic idea: when we throw an exception that pertains to a
system error which has an errno code, we can stick the errno
into the memory area of the character string, into the wchar_t
that immediately follows the null terminator. We can do this
because strings track their actual allocation size.
A pair of setter/getter functions to set and retrieve this
value are provided, and all functions in the code which can
set such a code are updated to do so, simply by calling the
newly added uw_ethrowf that drop-in replaces for uw_throwf.
* lib.[ch] (string_set_code, string_get_code): New functions.
* unwind.[ch] (uw_ethrowf): New function.
* eval.c (eval_init): Register string-set-code and
string-get-code intrinsics.
* ftw.c (ftw_wrap): Switch to uw_ethrowf.
* parser.c (open_txr_file): Likewise.
* socket.c (dgram_overflow): Store the ENOBUFS error in errno,
and use uw_ethrowf instead uw_throwf.
(dgram_get_byte_callback, dgram_flush, sock_bind, to_connect,
open_sockfd, sock_connect, sock_listen, sock_accept,
sock_shutdown, sock_timeout, socketpair_wrap): Switch to
uw_ethrowf.
* stream.c (dev_null_get_fd, stdio_maybe_read_error,
stdio_maybe_error, stdio_close, pipe_close, open_directory,
open_file, open_fileno, open_tail, fds_subst,
open_subprocess, open_command, remove_path, rename_path,
tmpfile_wrap, mkdtemp_wrap, mkstemp_wrap): Switch to uw_ethrowf.
* sysif.c (mkdir_wrap, ensure_dir, chdir_wrap, getcwd_wrap,
rmdir_wrap, mknod_wrap, mkfifo_wrap, chmod_wrap, do_chown,
symlink_wrap, link_wrap, readlink_wrap, close_wrap, val
exec_wrap, stat_impl, do_utimes, pipe_wrap, poll_wrap,
getgroups_wrap, setuid_wrap, seteuid_wrap, setgid_wrap,
setegid_wrap, setgroups_wrap, getresuid_wrap, setresuid_wrap,
setresgid_wrap, crypt_wrap, uname_wrap, opendir_wrap,
getrlimit_wrap, setrlimit_wrap): Likewise.
* termios.c (tcgetattr_wrap, tcsetattr_wrap, tcsendbreak_wrap,
tcdrain_wrap, tcflush_wrap, tcflow_wrap): Likewise.
* tests/018/errno.tl: New file.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For instance, this bad output is produced:
(pic "+0####.## <<<<<" 123 1) -> "+00123.00 +1 "
The second argument should not have any leading + sign.
* stream.c (formatv): For each new conversion specifier introduced by ~,
reset the sign variable to zero also. That's the semantic change here,
occluded by the fact that I'm rearranging the declaration of the
variables, adding comments, and condensing the assignments while also
getting them into the same order as the declarations, in order that this
sort of bug does not creep in in the future, should another such
variable be added.
* tests/018/format.tl: Adding correct version of above test case.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/common.tl (os-symbol): Look for the substring BSD in
the system name, and map to symbol :bsd. Do not produce
the :openbsd symbol.
* tests/014/socket-basic.tl: Refer to :bsd, not :openbsd.
* tests/017/glob-carray.tl: Likewise.
* tests/018/chmod.tl: Likewise.
|
|
|
|
| |
* tests/018/path.tl: New tests.
|
|
|
|
|
| |
* tests/018/path.tl: test coverage for abs-path-p and
portable-abs-path-p.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/002/query-1.txr: Skip test if an executable
/bin/sh doesn't exist, rather than the bogus reasons.
* tests/010/json.tl: Change the condition for the
command-put-json tests: not whether cat is found
in the search path but whether /bin/sh exists and is executable.
* tests/017/realpath.tl: Also quit if /usr/bin doesn't exist.
* tests/018/path-test.tl: Exit succesfully if /bin/sh
does not exist. Revert the earlier change.
* tests/018/process.tl: Quit if no executable /bin/sh exists.
|
|
|
|
|
|
|
| |
* tests/018/path-test.tl: In the Guix build environment, the
shell might be found at a path not ending in bin. Let's
ust test for ending in /bin. Reported and investigated by
Paul A. Patience.
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c, stream.h (add_suffix): New function.
(stream_init): add-suffix intrinsic registered.
* tests/018/path.tl: Tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* lib.c, lib.h (chk_substrdup): New function.
* stream.c, stream.h (trim_short_suffix, trim_long_suffix):
New functions.
(stream_init): trim-short-suffix and trim-long-suffix
intrinsics registered.
* tests/018/path.tl: New tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
|
|
|
|
| |
* tests/018/path.tl: New cases covering dotted name situation,
which is not a suffix, but can have a suffix.
|
|
|
|
|
|
| |
* tests/018/chmod.tl (os): Fix final parentheses of defvarl form
accidentally encompassing the rest of the source file. Replace tabs with
spaces.
|
|
|
|
|
| |
* tests/018/path-test.tl: Check that the result of a path-search for
"sh" only ends in "/bin/sh", not that it is precisely "/bin/sh".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Another requirements tweak to short-suffix and long-suffix:
ignore one or more trailing slashes, instead of just one.
This harmonizes with base-name, which does same, that
requirement being copies from the POSIX basename utility.
* stream.c (short_suffix, long_suffix): If sl points to a
trailing slash which is the start of a suffix that consists of
nothing but trailing slashes, then we pretend it isn't there.
* tests/018/path.tl: Adjusted two existing test cases, and
added more.
* txr.1: Documented.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (path_vcat): New static function.
(stream_init): Register path-cat instrinsic to path_vcat
rather than path_cat.
* tests/018/path.tl: path-cat tests: all examples from
documentation, plus others.
* txr.1: Documented existing behaviors that were not clear,
like when inputs are empty. Documented new variadic semantics.
Examples added.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* lisplib.c (path_test_set_entries): Autoload on path-search.
* stdlib/path-test.tl (path-search): New function.
* tests/018/path-test.tl: New file.
* txr.1: Documented.
* stdlib/doc-lookup.tl: Updated.
|
|
|
|
|
|
|
|
| |
* stream.c (base_name): We must check for a zero length
suffix, otherwise sub(base, zero, neg(length(suff)))
produces an empty string.
* tests/018/path.tl: Test cases for base-name.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The short-suffix and long-suffix functions will now return the
suffix including the leading period. This was a suggestion
from user Paul A. Patience, which is a good requirement.
Since these functions were newly introduced just the last
release, I'm not going to provide backwards compatibility
switching for them.
* stream.c (short_suffix, long_suffix): Duplicate the suffix
starting at the dot, not dot + 1.
* tests/018/path.tl: Test cases updated.
* txr.1: Documentation updated.
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (short_suffix, long_suffix): Do not treat the
starting dot of the last componet as a suffix delimiter.
* tests/018/path.tl: Test cases edited to reflect
requirements change; new tests added.
* txr.1: Updated.
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (short_suffix, long_suffix): Take path separator
characters into account; the suffix must not span across
separators. The trailing separator must also not appear in
the suffix.
* tests/018/path.tl: Test cases added.
* txr.1: Redocumented.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (short_suffix, long_suffix): New functions.
(stream_init): short-suffix and long-suffix intrinsics
registered.
* stream.c (short_suffix, long_suffix): Declared.
* tests/018/path.tl: New file.
* txr.1: Documented.
* share/txr/stdlib/doc-syms.tl: Updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (fds_subst, fds_swizzle, fds_restore): These functions are
used on Cygwin by some functions that are based on spawn, and so must be
avaiable.
* tests/018/process.tl: Two fixes here. Firstly, the 1>&1 redirection in
one of the tests should be 1>&2 on all platforms. That a temporary edit
left behind from massaging the tests and the code. Secondly, some weird
results are observed on Cygwin. The communication with the child sees
an extra carriage return and space sneak in. I'm just codifying this as
Cygwin's way of passing the test case; it's likely unfixable at the
application level.
|
|
|
|
| |
* tests/018/process.tl: New file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a number of issues, such as left adjustment not
working and such. This needs a better treatment from the
requirements level, through to a set of test cases.
* stream.c (max, min): Macros macros added, in their usual
form.
(vformat_num): Implement new rules which suppress the zero and
space characters used in place of a sign if they overflow the
field width.
(formatv): Clamp integer precision field to width - 1 for
integers, for consistency with floating-point handling.
For floating-point values under ~a and ~s, do not force
the second stage precision to width - 1; only clamp it
if it is greater.
* format.tl: Numerous new tests.
* txr.1: Significant redocumenting of this area. The handling
of numbers is described as a two stage process, clarifying the
changing role of "precision" in the two stages.
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (formatv): The - precision option character
produces a "sign" that is a zero. If this is used with leading
zeros, it will avoid generating a space. The requirements can
use improvement here, but one step at a time.
* tests/018/format.tl: Some tests.
* txr.1: Documented.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* share/txr/stdlib/pic.tl (pic): Refactor string compilation
code into local function which has access to the overall
argument list. Recognize the quasiliteral case and translate
by compiling all the string parts, then forming a recombined
quasiliteral where the compiled parts are substituted.
* tests/018/format.tl: test case for this.
* txr.1: Documented.
|
|
|
|
|
|
|
|
|
|
| |
* share/txr/stdlib/pic.tl (expand-pic-num, expand-pic, pic):
Allow ### to be followed by a single !. This is not counted
toward the field width.
* tests/018/format.tl: Cover with some tests.
* txr.1: Doc updated.
|
|
|
|
|
|
|
|
| |
* tests/018/format.tl: Add tests which combine overflow
flagging with +/-. The space generated by - contributes to
overflow.
* txr.1: Clarify overflow issue in documentation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* share/txr/stdlib/pic.tl (expand-pic-num): Bug: when a field
overflows, the (rest ...) call truncates the leftmost digit.
A failing test case is (pic "#.#" 12) which produces "2.0"
instead of "12.0". Firstly, we only need that logic at all in
the zero padding case. When the number is positive, we stick
in the + request, so we are sure to get a + character. The
rest call then predictably chops off the + rather than a
digit.
(pic-join-opt): Fix two bugs here in the string-string combine
case: using s2 instead of s1, and not splicing in rest.
(expand-pic, pic): Implement tightening for escape sequences.
If ~ is not followed by anything, or not followed by the
documented characters for escaping, it is erroneous.
* format.tl: Battery of new tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* buf.c (buf_hex): New function.
* buf.h (buf_hex): Declared.
* stream.c (formatv): Support printing of buffers in hex
via temporary buffer containing hex characters, similarly
to how bignums are handled.
* tests/018/format.tl: New file, providing some coverage over
new and affected code.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* share/txr/stdlib/copy-file.tl: When removing .. components,
a dotdot must only cancel preceding non-dotdot. We must check
not only that the out stack is not empty but that the top
element isn't dotdot. Also, eliminate empty components, like
the documentation says. Lastly, we must check for the impossible
cases, when the from path uses .. components that are
impossible to navigate backwards to form a relative path.
* tests/018/rel-path.tl: Test cases added.
* txr.1: Updated with additional descriptions, fixes and
examples.
|