| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* parser.c (read_objects_common): New static function, formed
from read_objects_from-string.
(read_objects_from_string): Now wrapper for read_objects_common.
(read_objects): New function.
* parser.h (read_objects): Declared.
* eval.c (eval_init): Register read-objects intrinsic.
* autoload.c (getput_set_entries): Add three new symbols:
file-get-objects, file-put-objects and file-append-objects.
* stdlib/getput.tl (put-objects): New system function.
(file-get-objects, file-put-objects, file-append-objects):
New functions.
* txr.1: Documented.
* tests/018/getput.tl: New file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not all special characters can just be backslash escaped.
Spaces and newlines must be quoted.
* stream.c (sh_esc_common): New function. Handles both
sh-esc and sh-esc-all logic, distinguished by a flag.
Quoting is used, rather than backslash escaping.
If the string contains no special characters, it is just
erturned. If it can be double quoted, it is double quoted.
Otherwise it is single quoted and any contained single
quotes are replaced by '\''.
(sh_esc, sh_esc_all): Now just wrap sh_esc_common.
(sh_esc_dq): Remove the newline from the set of escaped
characters. Escaping a newline generates a continuation
sequence which eats the newline.
* tests/018/sh-esc.tl: Most test cases deleted; many new test
cases added.
* txr.1: Documentation revised.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* glob.c (glob_wrap): When converting the glob array to the
returned list, suppress consecutive duplicates. This has to be
done separately for each call to glob or super_glob, so we now
interleave the production of the output list with the glob
calls. It has to be done separately because there can be
duplicates between different patterns. E.g. if (glob "?")
matches one path then (glob '("?" "?")) must return two copies
of it. Furthermore, the brace expansion implementation in
glob* produces multiple glob calls and appends their results.
Duplicates inside a single super_glob call result when there
are multiple ** (double star) patterns present, which are
matched by the same path in more than one way. If the results
are sorted, then the duplicates appear consecutively and we
will squash them. Also, a memory leak is fixed here: we
must free(pat_u8) unconditionally, before testing for the
early exit situation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* glob.c (glob_wrap): #ifdef GLOB_BRACE around code that removes
the flag.
(super_glob_find_inner): Initialize pst. The older compiler I'm
using on Solaris 10. isn't smart enough to figure out that it
is not used uninitialized.
* tests/018/glob.t: Skip the ...\/** test on Solaris. It
takes a long time, and produces nil in the end. We don't
care how it behaves, only that we pass through that
pattern to glob without interpreting it as a double star.
|
| |
|
|
| |
* tests/018/glob.tl: exit successfully on Cygwin.
|
| |
|
|
|
|
|
|
| |
* glob.c (glob_path_cmp): Compare bytes as unsigned.
After the loop, don't test whether the pointer are null;
they never are. Test whether they point to null.
* tests/018/glob.tl: Expected data replaced.
|
| |
|
|
|
|
|
| |
* glob.c (super_glob_rec): Do not recognize a trailing /**
if it is preceded by a backslash.
* tests/018/glob.tl: Test case added.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The glob* function supports brace expansion, the **
pattern for matching zero or more path components,
as well as a sane sort for path names.
glob* relies on brace expansion written in Lisp;
the ** processing and sorting is done by a glob-compatible
C function called super_glob that uses glob.
* autoload.c (glob_set_entries, glob_instantiate): New static
functions.
(autoload_init): Register autoload of stdlib/glob module.
* glob.c (GLOB_XNOBRACE, GLOB_XSTAR): New macros.
(glob_wrap): Call super_glob instead of glob if GLOB_XSTAR
is present in flags. Avoid passing extension flags to glob.
(super_glob_find_inner, super_glob_rec, glob_path_cmp,
glob_str_cmp, super_glob): New static functions.
(glob_init): Register sys:glob-xstar, and glob-xnobrace.
sys:glob-xstar is used by glob* to request support for
the ** pattern from glob.
* stdlib/glob.tl: New file.
* tests/018/glob.tl: New file.
* txr.1: Documented.
|
| |
|
|
|
|
|
|
| |
* tests/018/crypt.tl: replace (crypt "a" "*$") test with
(crypt "a" "::"). Musl's crypt treats all unrecognized hashes
through DES, and the DES module accepts almost anything
as salt characters, except '\0', '\n' and ':', since
those characters would wreck the password file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been reported by user cielesti that some of our
crypt tests fail on the Musl library.
Musl has some additional agorithms so it yields
a meaningful hash for a "$0$" salt, as well as for "$9$".
Musl uses "*" and "x" as error tokens rather than "*0"
and "*1". We need to change how we detect error tokens.
* sysif.c (crypt_wrap): Detect error tokens only by their
length: if a string emerges from crypt or crypt_r, whose
length is less than 13, it's an error token.
* tests/018/crypt.tl: Drop the tests that require :error
for salts "$0$" and "$9$", replacing them with a test
for a salt that is almost certainly invalid in all C libraries
on Linux.
* txr.1: Document that crypt throws an error exception and
under what circumstances (when the C library function does
what).
|
| |
|
|
|
|
|
|
|
|
|
| |
* stream.c (sh_esc, sh_esc_all, sh_esc_dq, sh_esc_sq): New static
functions.
(stream_init): sh-esc, sh-esc-all, sh-esc-dq, sh-esc-sq: Intrinsics
registered.
* tests/018/sh-esc.tl: New file.
* txr.1: Documented.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (close_stream): If the underlying method
returns the colon symbol :, then keep the cached
close_result as nil, so that the method can be called
again, but return t to the caller to indicate success.
* tests/018/close-delegate.tl: Test case added.
* tests/018/close-delegate.expected: Updated.
* txr.1: Documented.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is motivated by trying to implement a struct delegate
stream which performs reference counting in close, in
order to close the real stream when the count hits zero.
The caching behavior of close-stream is a problem.
* stream.c (strm_base_init): Initialize close_result to nil,
rather than nao.
(strm_base_mark): Don't check close_result for nao.
(close_stream): Suppress the call to op->close if close_result
has a non-nil value, rather than a value other than nao.
* tests/018/close-delegate.tl,
* tests/018/close-delegate.expected: New files.
* txr.1: Document that only a non-nil return is cached
by close-stream.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* stdlib/path-test.tl (path-volume): Don't return
:abs for a path whose empty first component
isn't followed by any more items. Otherwise
we return :abs for a path formed by splitting
the empty string, and then calls like (rel-path "" "a")
complain about a mixture of absolute and relative.
With this change, empty paths given to rel-path
behave as if they were ".".
* tests/018/rel-path.tl: New test cases.
|
| |
|
|
|
|
| |
* tests/018/clean.tl: New file.
* tests/018/clean.expected: New file.
|
| |
|
|
|
| |
* tests/018/crypt.tl: Exit with successful termination status
on Android or Cygwin.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* sysif.c (crypt_wrap): Don't call free(cd) on platforms
where we don't have crypt_r and have not defined the
cd variable.
* test/018/crypt.tl: Move the (crypt "a" "b") test case
to be GNU/Linux-only. On Solaris, it yields a valid-looking
hash instead of failing. That hash will not validate the
password though; i.e. (crypt "a" (crypt "a" "b")) is not
equal to (crypt "a" "b").
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The validate_salt function was introduced in commit
c3a0ceb2cea1a9d43f2baf5a2e63d0d712c8df19, February 2020.
I cannot reproduce the internal crash in crypt which
it alleges, and I neglected to mention the bad inputs
in the commit or add tests. I'm not able to reproduce
the alleged behavior in spite of trying all sorts of bad
inputs; and looking at the crypt source in glibc, I
don't see any obvious problem.
And so, on this Halowe'en, we exorcise the ghost
that has been haunting the crypt.
* sysif.c (salt_char_p, validate_salt): Static functions
removed.
(crypt_wrap): Don't call validate_salt, and so cwsalt
need not be tested for null.
* tests/018/crypt.tl: New file.
* txr.1: Mention that crypt_r is used if available, which
avoids static storage.
|
| |
|
|
| |
* tests/018/close-lazy.tl: New file.
|
| |
|
|
|
|
| |
* tests/018/noclose.txr: New file.
* tests/018.noclose.expected: New file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attacks are possible via /proc/<pid>/fd/<n> involving
a deleted file, whereby the link target changes from
"/path/to/file" to "/path/to/file (deleted)", which
can be perpetrated by a different user, not related
to process <pid>, who has access to perform
unlink("/path/to/file").
* stdlib/path-test.tl (safe-abs-path): Perform the
pattern check regardless of effective user ID.
* tests/018/path-safe.tl: Test cases adjusted.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a Linux system, it's possible for an unprivileged
user to create a root symlink pointing to any directory,
simply by changing to that directory and running a setuid
executable like "su". That executable will get a process
whose /proc/<pid> directory is root owned, and contains
a symlink named cwd pointing to the current directory.
Other symlinks under /proc look exploitable in this way.
* stdlib/path-test.tl (safe-abs-path): New function.
Here is where we are going to check for unsafe paths.
We use some pattern matching to recognize various unsafe
symlinks under /proc.
(path-components-safe): Simplify code around recognition
of absolute paths. When an absolute path is read from
a symlink, remove the first empty component. Pass every
absolute path through safe-abs-path to check for known
unsafe paths.
* tests/018/path-safe.tl: New tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* autoload.c (path_test_set_entries): Autoload on
path-components-safe symbol.
* stdlib/path-test.tl (if-windows, if-native-windows):
New system macros.
(path-safe-sticky-dir): New system function.
(path-components-safe): New function.
* tests/018/path-safe.tl: New file.'
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (pipe_close_status_helper): New function,
factored out of pipe_close and used by it, and
also by gzio_close.
(pipe_close): Call pipe_close, which now contains
the classification of process wait status codes.
(open_fileno): Now takes optional pid argument.
If this specified, then make_pipevp_stream is used.
(open_subprocess): Use the open_fileno function, rather than
fopen. This simplifies things too, except that we have to
catch exception. Pass pid to the newly added parameter of
open_fileno so that we obtain a proper pipe stream that will
wait for the process to terminate when closed.
(mkstemp_wrap): Pass nil for pid argument of open_fileno.
(stream_init): Update registration of open-fileno.
* gzio.c (struct gzio_handle): New member, pid.
(gzio_close): If there is a nonzero pid, wait for the
process to terminate.
(make_gzio_stream): Initialize h->pid to zero.
(make_gzio_pipe_stream): New function.
* parser.c (lino_fdopen): Pass nil for pid argument
of open_fileno.
* gzio.h (make_gzio_pipe_stream): Declared.
* tests/018/gzip.tl: New test.
|
| |
|
|
|
|
|
|
|
|
| |
* stream.c (sh): Use a single definition for this function,
which uses the shell and shell_arg variables to use
either /bin/sh -c or cmd.exe /c. We only want to use
cmd.exe when running as a Windows native program on Cygnal.
* tests/018/process.tl: Remove workaround from test case.
This is what was causing the weirdness.
|
| |
|
|
| |
* tests/018/gzip.tl: New file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* stream.c (trim_path_seps): New function.
(stream_init): trim-path-seps intrinsic registered.
* stream.c (trim_path_seps): Declared.
* tests/018/path.tl: New tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
| |
|
|
|
|
|
|
|
|
|
| |
* tests/017/str-s.tl: Use (libc) not nil in with-dyn-lib.
* tests/018/forkflush.tl: On Cygwin, produce canned output for first
test case, because the real test case produces some DOS line endings
that cause a mismatch.
* tests/019/load-search.tl: Skip test case involving a directory
with bad permissions being in the load search path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test case exemplifies code that will work as expected
when *stdout* is a TTY device, such that line buffering is
in effect, but then break when standard output is redirected
to a file.
The issue is that the controlling process is not flushing its
standard output when calling the external script, so the
script's output gets placed ahead of the process' own earlier
output.
* tests/018/forkflush.tl: New file.
* tests/018/forkflush.expected: New file.
|
| |
|
|
| |
* tests/018/combine-tlo.tl: New file.
|
| |
|
|
|
|
|
|
|
| |
* stdlib/copy-file.tl (path-simplify): If the incoming path's
first component is "", it is absolute; in that case swallow
any components that go above.
* tests/018/path-equal.tl: Uncomment two previously failing
tests.
|
| |
|
|
|
|
|
|
|
|
| |
* pic.tl (add-neg-parens): New system function.
(expand-neg-parens): New macro.
(expand-pic): New numeric pattern with parentheses.
Also suport escaping of parentheses.
(pic): Recognize parenthesized numeric pattern here also.
* tests/018/format.tl: New tests.
|
| |
|
|
| |
* tests/018/format.tl: New test cases.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pic.tl (expand-pic-num): If the overflowing field specifies
a decimal point other than in the rightmost position, then
stick one into the fill pattern. The motivation for this is
that it harmonizes with the digit separators. The new digit
separator insertion logic will treat the # characters like
digits, and requires the embedded decimal in order to work
properly. Allowing digit separation to work in the fill
pattern will make for better looking output in column
displays. That's the same reason why we insert digit
separators among leading zeros.
* tests/018/format.tl: Overflow test cases updated in
light of this requirement change.
* txr.1: Documented.
|
| |
|
|
|
|
|
|
|
|
| |
* lisplib.c (copy_file_set_entries): Add path-equal to autoload symbols.
* stdlib/copy-file.tl (path-equal): New function.
* tests/018/path-equal.tl: New file.
* txr.1: Documented.
|
| |
|
|
|
|
|
| |
* stream.c (run): replace_env takes only one argument.
* tests/018/process.tl: *child-env* tests are reporting some extra
environment variables on Windows; let's just disable them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This specifies the environment to be used for executing
programs.
* stream.c (open_subprocess, run): Check *child-env* variable and if
other than t, then install the environment before execvp.
In the spawn-based version of run, we save and restore the
environment around the spawn call, if *child-env* is in
effect.
* sysif.c (child_env_s): New symbol variable.
(exec_wrap): If *child-env* is other than t, then save the
environment in a list, and install the specified environment
before calling execvp. If that function returns, restore the
environbment.
* sysif.h (child_env_s): Declared.
(child_env): New macro.
* tests/018/process.tl: New tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new function:
- just returns the name if it contains path name components.
- returns nil if the name is "." or "..".
- tests for existence only, not permission to execute.
* lisplib.c (path_test_set_entries): Do not auto-load path-test
module on the path-search symbol, since it is no longer implemented
there.
* stdlib/path-test.tl (path-search): Function removed.
* stream.c (path_var_sep_char): New global variable.
(path_search): New function.
(detect_path_separators): Also set path_var_sep_char to semicolon
on Cygnal.
(stream-init): Register path-search intrinsic here now.
* stream.h (path_var_sep_char, path_search): Declared.
* tests/018/path-test.tl: New tests.
* txr.1: Documentation revised for path-search.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Basic idea: when we throw an exception that pertains to a
system error which has an errno code, we can stick the errno
into the memory area of the character string, into the wchar_t
that immediately follows the null terminator. We can do this
because strings track their actual allocation size.
A pair of setter/getter functions to set and retrieve this
value are provided, and all functions in the code which can
set such a code are updated to do so, simply by calling the
newly added uw_ethrowf that drop-in replaces for uw_throwf.
* lib.[ch] (string_set_code, string_get_code): New functions.
* unwind.[ch] (uw_ethrowf): New function.
* eval.c (eval_init): Register string-set-code and
string-get-code intrinsics.
* ftw.c (ftw_wrap): Switch to uw_ethrowf.
* parser.c (open_txr_file): Likewise.
* socket.c (dgram_overflow): Store the ENOBUFS error in errno,
and use uw_ethrowf instead uw_throwf.
(dgram_get_byte_callback, dgram_flush, sock_bind, to_connect,
open_sockfd, sock_connect, sock_listen, sock_accept,
sock_shutdown, sock_timeout, socketpair_wrap): Switch to
uw_ethrowf.
* stream.c (dev_null_get_fd, stdio_maybe_read_error,
stdio_maybe_error, stdio_close, pipe_close, open_directory,
open_file, open_fileno, open_tail, fds_subst,
open_subprocess, open_command, remove_path, rename_path,
tmpfile_wrap, mkdtemp_wrap, mkstemp_wrap): Switch to uw_ethrowf.
* sysif.c (mkdir_wrap, ensure_dir, chdir_wrap, getcwd_wrap,
rmdir_wrap, mknod_wrap, mkfifo_wrap, chmod_wrap, do_chown,
symlink_wrap, link_wrap, readlink_wrap, close_wrap, val
exec_wrap, stat_impl, do_utimes, pipe_wrap, poll_wrap,
getgroups_wrap, setuid_wrap, seteuid_wrap, setgid_wrap,
setegid_wrap, setgroups_wrap, getresuid_wrap, setresuid_wrap,
setresgid_wrap, crypt_wrap, uname_wrap, opendir_wrap,
getrlimit_wrap, setrlimit_wrap): Likewise.
* termios.c (tcgetattr_wrap, tcsetattr_wrap, tcsendbreak_wrap,
tcdrain_wrap, tcflush_wrap, tcflow_wrap): Likewise.
* tests/018/errno.tl: New file.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For instance, this bad output is produced:
(pic "+0####.## <<<<<" 123 1) -> "+00123.00 +1 "
The second argument should not have any leading + sign.
* stream.c (formatv): For each new conversion specifier introduced by ~,
reset the sign variable to zero also. That's the semantic change here,
occluded by the fact that I'm rearranging the declaration of the
variables, adding comments, and condensing the assignments while also
getting them into the same order as the declarations, in order that this
sort of bug does not creep in in the future, should another such
variable be added.
* tests/018/format.tl: Adding correct version of above test case.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tests/common.tl (os-symbol): Look for the substring BSD in
the system name, and map to symbol :bsd. Do not produce
the :openbsd symbol.
* tests/014/socket-basic.tl: Refer to :bsd, not :openbsd.
* tests/017/glob-carray.tl: Likewise.
* tests/018/chmod.tl: Likewise.
|
| |
|
|
| |
* tests/018/path.tl: New tests.
|
| |
|
|
|
| |
* tests/018/path.tl: test coverage for abs-path-p and
portable-abs-path-p.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/002/query-1.txr: Skip test if an executable
/bin/sh doesn't exist, rather than the bogus reasons.
* tests/010/json.tl: Change the condition for the
command-put-json tests: not whether cat is found
in the search path but whether /bin/sh exists and is executable.
* tests/017/realpath.tl: Also quit if /usr/bin doesn't exist.
* tests/018/path-test.tl: Exit succesfully if /bin/sh
does not exist. Revert the earlier change.
* tests/018/process.tl: Quit if no executable /bin/sh exists.
|
| |
|
|
|
|
|
| |
* tests/018/path-test.tl: In the Guix build environment, the
shell might be found at a path not ending in bin. Let's
ust test for ending in /bin. Reported and investigated by
Paul A. Patience.
|
| |
|
|
|
|
|
|
|
|
|
| |
* stream.c, stream.h (add_suffix): New function.
(stream_init): add-suffix intrinsic registered.
* tests/018/path.tl: Tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* lib.c, lib.h (chk_substrdup): New function.
* stream.c, stream.h (trim_short_suffix, trim_long_suffix):
New functions.
(stream_init): trim-short-suffix and trim-long-suffix
intrinsics registered.
* tests/018/path.tl: New tests.
* txr.1: Documented.
* stdlib/doc-syms.tl: Updated.
|
| |
|
|
|
| |
* tests/018/path.tl: New cases covering dotted name situation,
which is not a suffix, but can have a suffix.
|
| |
|
|
|
|
| |
* tests/018/chmod.tl (os): Fix final parentheses of defvarl form
accidentally encompassing the rest of the source file. Replace tabs with
spaces.
|
| |
|
|
|
| |
* tests/018/path-test.tl: Check that the result of a path-search for
"sh" only ends in "/bin/sh", not that it is precisely "/bin/sh".
|
