[BusyBox] bug#1033: Busybox -Sed misinterprets escaped '/'
Mark Whitley
markw at lineo.com
Wed Aug 30 21:59:58 UTC 2000
On Wed, Aug 30, 2000 at 10:50:57AM -0700, Michael Peddemors wrote:
> Package: Busybox
> Version: 1.46
> Severity: Critical
>
> Required syntax that previously worked
>
> echo "/etc/password" | sed -e 's/[^a-z.\/_]//g'
>
> It now fails...
Here's the output of testing this on my system:
GNU sed:
$ echo "/etc/password" | sed -e 's/[^a-z.\/_]//g'
/etc/password
Busybox sed:
$ echo "/etc/password" | ./busybox sed -e 's/[^a-z.\/_]//g'
/etc/password
Identical behavior.
Was this supposed to be 'cat /etc/passwd' instead of 'echo "/etc/password"'? I
tried that, too, and again, identical behavior.
> This is also tested as failing
>
> echo "he/ll" | sed -e 's/\///g'
Tested this on my box with the following results:
GNU sed:
$ echo "he/ll" | sed -e 's/\///g'
hell
Busybox sed:
$ echo "he/ll" | ./busybox sed -e 's/\///g'
hell
Again, identical behavior. Were you getting something different?
> Failure is occuring in this function. It looked correct to me, but obviously
[snip]
>
> static int index_of_next_unescaped_slash(int idx, const char *str)
> {
> do {
> idx++;
> if (str[idx] == 0)
> return -1;
> } while (str[idx] != '/' && str[idx - 1] != '\\');
>
> return idx;
> } as it failed....
>
> That introduced something new into idx values....
> Then I got into memcpy seg faults.. So i did something wrong :-)
> Have to pass it aff to the bug list.
Ah-ha, now I see the problem...
You are using an older version of Busybox. This function has been re-written
in the current CVS version. It now looks like this:
static int index_of_next_unescaped_slash(const char *str, int idx)
{
for ( ; str[idx]; idx++) {
if (str[idx] == '/' && str[idx-1] != '\\')
return idx;
}
/* if we make it to here, we've hit the end of the string */
return -1;
}
A week or two ago, somebody reported a semi-similar problem which was also due
to the earlier implementation of index_of_next_unescaped_slash(). Please check
out the latest Busybox source from CVS, test it, and post your results to the
mailing list. If the latest source works for you, I will close this bug.
Cheers,
Mark Whitley
markw at lineo.com
More information about the busybox
mailing list