Age | Commit message (Collapse) | Author |
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
We set all opened script fds to CLOEXEC, thus making then go away
after fork+exec.
Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open.
For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd"
in a script from standalone shell shows this:
lrwx------ 1 root root 64 Aug 20 15:17 0 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 1 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 2 -> /dev/pts/3
lr-x------ 1 root root 64 Aug 20 15:17 3 -> /path/to/top/level/script
lr-x------ 1 root root 64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1
...
with as many open fds as there are ". SCRIPTn" nest levels.
Fix it by closing these fds after fork (only for NOEXEC children).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Discovered by running testsuite with a newest glibc
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Run this in a "sh SCRIPT":
sha256sum /dev/null
echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
It was seen being called recursively on repeated signals,
leading to double free
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Some user managed to hit a race where iface is gone between SIOCGIFFLAGS
and SIOCSIFFLAGS (!). If SIOCSIFFLAGS fails, treat it the same as failed
SIOCGIFFLAGS
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
testcase: echo "" | less, then press ')' key
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
fix broken logic to get the gzip_level_config value from options -1 to
-9.
This fixes an off-by-one bug that caused gzip -9 output bigger files
than the other compression levels.
It fixes so that compression level 1 to 3 are actually mapped to level 4
as comments say.
It also fixes that levels -4 to -9 is mapped to correct level and avoids
out-of-bounds access.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Introduce and use BB_isalnum_or_underscore().
function old new delta
BB_isalnum_or_underscore - 43 +43
vi_word_motion 162 150 -12
vi_end_motion 163 145 -18
vi_back_motion 198 179 -19
BB_isalnum 39 - -39
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 0/3 up/down: 43/-88) Total: -45 bytes
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
TBH, it's more like "work around my bad makefile-fu" than "fix"...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
do_iprule 974 955 -19
rtnl_dump_request 173 146 -27
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-46) Total: -46 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This is necessary for multi-hosted TLSed web sites.
function old new delta
spawn_https_helper_openssl 334 441 +107
Based on a patch by Jeremy Chadwick <jdc@koitsu.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
On user request.
I thought enabling/disabling them all together is more consistent.
Evidently, some people do want them to be separately selectable.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Not sure this was actually a triggerable bug, but the code looked flaky.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
* explain which server we contact by default
* explain when auth is done
* -t is not implied! remove that from help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
md5_sha1_sum_main 466 485 +19
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
In many cases, this aqllows to drop use of opt_complementary.
Approximately -400 bytes:
function old new delta
getopt32 1423 1502 +79
opt_string 17 18 +1
OPT_STR 24 25 +1
uniq_main 416 406 -10
timeout_main 279 269 -10
sulogin_main 270 260 -10
readprofile_main 1825 1815 -10
ps_main 543 533 -10
pidof_main 245 235 -10
pgrep_main 611 601 -10
od_main 2600 2590 -10
mkfs_minix_main 2684 2674 -10
mkfs_ext2_main 2603 2593 -10
microcom_main 712 702 -10
makemime_main 315 305 -10
ionice_main 282 272 -10
inetd_main 2074 2064 -10
ifplugd_main 1144 1134 -10
halt_main 353 343 -10
getopt_main 636 626 -10
fdisk_main 2854 2844 -10
env_main 206 196 -10
dmesg_main 319 309 -10
conspy_main 1214 1204 -10
awk_main 981 971 -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/22 up/down: 81/-220) Total: -139 bytes
text data bss dec hex filename
919373 906 14060 934339 e41c3 busybox_old
918969 906 14060 933935 e402f busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
whois_main 654 675 +21
packed_usage 30355 30356 +1
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
It was doing way too simplistic work of just querying the server,
no redirects, no query massaging. This required user to know a lot about whois,
and enter at least three queries for each host to get meaningful information.
function old new delta
whois_main 209 646 +437
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Not that allnoconfig build is useful in any way...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
When busybox is configured to contain a single applet an unnecessary
declaration of run_applet_and_exit results in a warning. Move the
declaration to avoid this.
Reported-by: Lauri Kasanen <curaga@operamail.com>
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
arp_main 1910 1898 -12
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The bug was seen when the following is done:
# killall 1 udhpc; killall 2 udhpc
Performing a DHCP renew
state: 2 -> 5
Sending renew...
Entering released state
state: 5 -> 6 <<<<<<<<<<<<<< not calling script!!!!
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This resolves the following use case problem:
"I start ntpd by default from /etc/init.d
There might be no working network connection (not configured properly for
whatever reason, hardware problems, whatelse).
With busybox 1.25 ntpd seems to loop forever if now NTP servers are found,
blocking the boot process and I never get a login to solve a possible pb or
to do a first time configuration."
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
CONFIG_FEATURE_USE_BSS_TAIL code was aliasing bb_common_bufsiz1 to _end.
This is unreliable: _end may be not sufficiently aligned.
Change code to simply enlarge COMMON_BUFSIZE when we detect that _end
has significant amount of space to the end of page.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Use the correct field f_frsize instead of f_bsize.
The statfs f_bsize is the "Optimal transfer block size" while the
f_frsize is the "Fragment size (since Linux 2.6)". On some FUSE
filesystems those may differ.
Fixes bug 9046
URL: https://bugs.busybox.net/show_bug.cgi?id=9046
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Commit e6a2f4cc changed the way common_bufsiz1 works. Now it needs to
be initialized before using, but i2cdump wasn't updated by said patch.
Since the fact that we're using common_bufsiz1 here isn't obvious (no
G_INIT() macro, no other global variables), drop it and simply
allocate the integer array required for block reads on the stack.
Tested with i2c block read on a Lenovo Thinkpad laptop.
Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The ICMP RFC says that identifier and sequence number may be zero.
Having them zero for a Echo message, along with a data of zero's
as well will result in a Echo reply message with only zero's.
Some NAT implementations seem to get the checksum wrong on these
packages. Setting a checksum of 0x0 instead of 0xffff.
Through NAT:
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x0000 [incorrect, should be 0xffff]
Identifier (BE): 0 (0x0000)
Identifier (LE): 0 (0x0000)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
Data: 000000000000000000000000000000000000000000000000...
[Length: 56]
Without NAT:
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xffff [correct]
Identifier (BE): 0 (0x0000)
Identifier (LE): 0 (0x0000)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 189]
[Response time: 0.024 ms]
Data (56 bytes)
Data: 000000000000000000000000000000000000000000000000...
[Length: 56]
And this in turn will make some hardware MAC checksum offloading
engines drop the packet.
(This was seen with a Synopsis MAC, the same one used in for instance the
stmmac Ethernet driver in the linux kernel.)
This change can be seen as a workaround for bugs in other layers.
But just setting an identifier for the Echo message packet will
avoid prodding the hornets nest.
function old new delta
common_ping_main 424 500 +76
Signed-off-by: Jonas Danielsson <jonasdn@axis.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This did not work: setsid sh -c 'anything'
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|