[Bug 16222] New: sed inconsistent stdin handling influencing parsing and output

bugzilla at busybox.net bugzilla at busybox.net
Wed Oct 23 15:46:53 UTC 2024


https://bugs.busybox.net/show_bug.cgi?id=16222

            Bug ID: 16222
           Summary: sed inconsistent stdin handling influencing parsing
                    and output
           Product: Busybox
           Version: 1.36.x
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: klaus+mj2wo4zomj2xg6lcn54c43tfoqfa at frank.fyi
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

Hi,

I just found a strange bug in sed of busybox when using "-" as filename. When
e.g. trying to truncate a file at a specific match using sed this causes a very
unexpected result. See examples below.

I think the bug is with how "-" is sanitized. I'd therefore suggest internally
just rewriting it to `/proc/self/fd/0`, as that one appears to work as
expected. And it is probably the simplest input sanitization to avoid issues
like this in the future. Alternatively, as omitting it also works, there may be
another special case that could introduce such parsing bugs, and therefore I'd
also recommend sanitizing it the same way to get rid of the (apparently)
currently present special cases in parsing the filename.

I would furthermore stress the importance of removing such special cases in
parsing from a security perspective, as such quirks very often cause security
issues further down the line. E.g. in this case it could cause too much data to
be exported or sent to a 3rd party and thereby very easily leak sensitive data.
(Therefore opening this with severity **major**)


# Reproducible with:
* ArchLinux `BusyBox v1.36.1 () multi-call binary.`
* AlpineLinux `BusyBox v1.36.1 (2024-06-10 07:11:47 UTC) multi-call binary.`
* Debian latest `BusyBox v1.35.0 (Debian 1:1.35.0-4+b3) multi-call binary.`
* Debian Sid `BusyBox v1.37.0 (Debian 1:1.37.0-4) multi-call binary.`

# Example:
## Preparation
Create a file `/tmp/test.txt` with:
```
Line 1
Line 2
someMatch
Line 4
Line 5
```

## Not working
Causes only the very next line after the match to be omitted.

* `cat /tmp/test.txt | sed '/someMatch/q' -`
* `foo=$(cat /tmp/test.txt); echo "$foo" | sed '/someMatch/q' -`

Outputs (incorrectly):
```
Line 1
Line 2
someMatch
Line 5
```

## Working
* `sed '/someMatch/q' /tmp/test.txt`
* `cat /tmp/test.txt | sed '/someMatch/q'`
* `foo=$(cat /tmp/test.txt); echo "$foo" | sed '/someMatch/q'`
* `cat /tmp/test.txt | sed '/someMatch/q' /proc/self/fd/0`
* `foo=$(cat /tmp/test.txt); echo "$foo" | sed '/someMatch/q' /proc/self/fd/0`
* `cat /tmp/test.txt | sed '/someMatch/q' /dev/fd/0`
* `foo=$(cat /tmp/test.txt); echo "$foo" | sed '/someMatch/q' /dev/fd/0`
* `cat /tmp/test.txt | sed '/someMatch/q' /dev/stdin`
* `foo=$(cat /tmp/test.txt); echo "$foo" | sed '/someMatch/q' /dev/stdin`

Outputs (correctly):
```
Line 1
Line 2
someMatch
```

Sincerely,
Klaus Frank
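
A regression check for the behaviour reported above, as an added example that is not part of the original report or of BusyBox: it feeds the report's sample input to a given sed through each stdin spelling listed and flags any form whose output differs from the expected truncation. The function name `check_sed_stdin` and its output format are assumptions made here.

```shell
#!/bin/sh
# Constructed sample input: same content as /tmp/test.txt in the report.
sample()   { printf 'Line 1\nLine 2\nsomeMatch\nLine 4\nLine 5\n'; }
# Expected result of '/someMatch/q': everything up to and including the match.
expected() { printf 'Line 1\nLine 2\nsomeMatch\n'; }

# check_sed_stdin CMD [ARGS...]   (hypothetical helper, not a BusyBox tool)
# CMD is the sed under test, e.g. "sed" or "busybox sed".
# Prints one status line per stdin form and returns 0 only if every form
# that could be run produced the expected output.
check_sed_stdin() {
    want=$(expected)
    rc=0
    for operand in '' - /dev/stdin /dev/fd/0 /proc/self/fd/0; do
        if [ -z "$operand" ]; then
            # No file operand at all: sed reads stdin implicitly.
            got=$(sample | "$@" '/someMatch/q')
        elif [ "$operand" = "-" ]; then
            # The form the report describes as broken.
            got=$(sample | "$@" '/someMatch/q' -)
        else
            # Path forms only exist where /dev and /proc provide them.
            [ -e "$operand" ] || { printf '%-9s %s\n' skipped "$operand"; continue; }
            got=$(sample | "$@" '/someMatch/q' "$operand")
        fi
        if [ "$got" = "$want" ]; then
            printf '%-9s %s\n' ok "${operand:-(no operand)}"
        else
            printf '%-9s %s\n' MISMATCH "${operand:-(no operand)}"
            rc=1
        fi
    done
    return $rc
}

# Usage: check_sed_stdin sed
#        check_sed_stdin busybox sed
```

A non-zero return means at least one spelling of stdin produced different output from the others, which is the inconsistency the report describes.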
