Add a check that the file descriptor mentioned in a N> or N< type

redirect operator is within range of what the code tree node can
hold.   Currently this is a no-op change (the new error can never
occur) as the code already checks that N is in range for an int
(and errors if not) and the field in the node in which we store N
is also an int, so we cannot overflow - but fd's do not really need
to be that big (the max a typical kernel supports is < 10000) so
this just adds validation in case it ever happens that we decide we
can save some node size (ie: sh memory) by making that field smaller.

Note this is parse time error detection, and has no bearing upon
the execution time error that will occur if a script attempts to use
an fd that exceeds the process's max fd limit.

NFCI (for now anyway.)

bin/sh/parser.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: parser.c,v 1.165 2019/02/04 11:16:41 kre Exp $	*/
+/*	$NetBSD: parser.c,v 1.166 2019/02/09 09:50:31 kre Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,13 +37,14 @@
 #if 0
 static char sccsid[] = "@(#)parser.c	8.7 (Berkeley) 5/16/95";
 #else
-__RCSID("$NetBSD: parser.c,v 1.165 2019/02/04 11:16:41 kre Exp $");
+__RCSID("$NetBSD: parser.c,v 1.166 2019/02/09 09:50:31 kre Exp $");
 #endif
 #endif /* not lint */
 
+#include <limits.h>
+#include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <limits.h>
 
 #include "shell.h"
 #include "parser.h"
@@ -1569,9 +1570,13 @@ parseredir(const char *out,  int c)
 	union node *np;
 	int fd;
 
-	fd = (*out == '\0') ? -1 : number(out);
-
 	np = stalloc(sizeof(struct nfile));
+
+	fd = (*out == '\0') ? -1 : number(out);		/* number(out) >= 0 */
+	np->nfile.fd = fd;	/* do this again later with updated fd */
+	if (fd != np->nfile.fd)
+		error("file descriptor (%d) out of range", fd);
+
 	VTRACE(DBG_LEXER, ("parseredir after '%s%c' ", out, c));
 	if (c == '>') {
 		if (fd < 0)