[src/trunk]: src/bin/sh Add a check that the file descriptor mentioned in a N...

[kre <kre%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/acc85d489bc3
branches:  trunk
changeset: 996832:acc85d489bc3
user:      kre <kre%NetBSD.org@localhost>
date:      Sat Feb 09 09:50:31 2019 +0000

description:
Add a check that the file descriptor mentioned in a N> or N< type
redirect operator is within range of what the code tree node can
hold.   Currently this is a no-op change (the new error can never
occur) as the code already checks that N is in range for an int
(and errors if not) and the field in the node in which we store N
is also an int, so we cannot overflow - but fd's do not really need
to be that big (the max a typical kernel supports is < 10000) so
this just adds validation in case it ever happens that we decide we
can save some node size (ie: sh memory) by making that field smaller.

Note this is parse time error detection, and has no bearing upon
the execution time error that will occur if a script attempts to use
an fd that exceeds the process's max fd limit.

NFCI (for now anyway.)

diffstat:

 bin/sh/parser.c |  15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diffs (42 lines):

diff -r 149b33b711ca -r acc85d489bc3 bin/sh/parser.c
--- a/bin/sh/parser.c   Sat Feb 09 09:38:11 2019 +0000
+++ b/bin/sh/parser.c   Sat Feb 09 09:50:31 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parser.c,v 1.165 2019/02/04 11:16:41 kre Exp $ */
+/*     $NetBSD: parser.c,v 1.166 2019/02/09 09:50:31 kre Exp $ */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,13 +37,14 @@
 #if 0
 static char sccsid[] = "@(#)parser.c   8.7 (Berkeley) 5/16/95";
 #else
-__RCSID("$NetBSD: parser.c,v 1.165 2019/02/04 11:16:41 kre Exp $");
+__RCSID("$NetBSD: parser.c,v 1.166 2019/02/09 09:50:31 kre Exp $");
 #endif
 #endif /* not lint */
 
+#include <limits.h>
+#include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <limits.h>
 
 #include "shell.h"
 #include "parser.h"
@@ -1569,9 +1570,13 @@
        union node *np;
        int fd;
 
-       fd = (*out == '\0') ? -1 : number(out);
+       np = stalloc(sizeof(struct nfile));
 
-       np = stalloc(sizeof(struct nfile));
+       fd = (*out == '\0') ? -1 : number(out);         /* number(out) >= 0 */
+       np->nfile.fd = fd;      /* do this again later with updated fd */
+       if (fd != np->nfile.fd)
+               error("file descriptor (%d) out of range", fd);
+
        VTRACE(DBG_LEXER, ("parseredir after '%s%c' ", out, c));
        if (c == '>') {
                if (fd < 0)