aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-22hush: fix "redirects can close script fd" bugDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-21build system: different fix for include/applet_tables.h/include/NUM_APPLETS.hDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-21wget/ssl_helper: update to wolfssl-3.9.8Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-20hush: do not leak script fds into NOEXEC childrenDenys Vlasenko
We set all opened script fds to CLOEXEC, thus making then go away after fork+exec. Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open. For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd" in a script from standalone shell shows this: lrwx------ 1 root root 64 Aug 20 15:17 0 -> /dev/pts/3 lrwx------ 1 root root 64 Aug 20 15:17 1 -> /dev/pts/3 lrwx------ 1 root root 64 Aug 20 15:17 2 -> /dev/pts/3 lr-x------ 1 root root 64 Aug 20 15:17 3 -> /path/to/top/level/script lr-x------ 1 root root 64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1 ... with as many open fds as there are ". SCRIPTn" nest levels. Fix it by closing these fds after fork (only for NOEXEC children). Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-20hush: bit better comments in redirect code. No logic changesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-19hush: `cmd` and arithmetic also need the fix for FILE rewindDenys Vlasenko
Discovered by running testsuite with a newest glibc Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-19hush: fix a bug in FEATURE_SH_STANDALONE=y config. Closes 9186Denys Vlasenko
Run this in a "sh SCRIPT": sha256sum /dev/null echo END sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s. By this time, entire script is read, and buffered in a FILE object from fopen("SCRIPT"). But fgetc() did not consume entire input. exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'. (this may be libc-specific). This change of fd position *is shared with the parent*! Now parent can read more, and it thinks there is another "echo END". End result: two "echo END"s are run. Fix this by _exit()ing instead. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-19top: move free(prev_hist) out of signal pathDenys Vlasenko
It was seen being called recursively on repeated signals, leading to double free Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-16ifplugd: if SIOCSIFFLAGS fails with ENODEV, don't dieDenys Vlasenko
Some user managed to hit a race where iface is gone between SIOCGIFFLAGS and SIOCSIFFLAGS (!). If SIOCSIFFLAGS fails, treat it the same as failed SIOCGIFFLAGS Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-16less: fix bracket search to match behavior of less 481Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-16less: fix SEGVDenys Vlasenko
testcase: echo "" | less, then press ')' key Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-15gzip: add test that checks that -9 compresses better than -1Natanael Copa
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-15gzip: fix compression level bug. Closes 9131Natanael Copa
fix broken logic to get the gzip_level_config value from options -1 to -9. This fixes an off-by-one bug that caused gzip -9 output bigger files than the other compression levels. It fixes so that compression level 1 to 3 are actually mapped to level 4 as comments say. It also fixes that levels -4 to -9 is mapped to correct level and avoids out-of-bounds access. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-14lineedit: trivial codeshrink for vi-modeNatanael Copa
Introduce and use BB_isalnum_or_underscore(). function old new delta BB_isalnum_or_underscore - 43 +43 vi_word_motion 162 150 -12 vi_end_motion 163 145 -18 vi_back_motion 198 179 -19 BB_isalnum 39 - -39 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 0/3 up/down: 43/-88) Total: -45 bytes Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-14build system: fix include/NUM_APPLETS.h generationDenys Vlasenko
TBH, it's more like "work around my bad makefile-fu" than "fix"... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-14libiproute: eliminate some redundant zero storesDenys Vlasenko
function old new delta do_iprule 974 955 -19 rtnl_dump_request 173 146 -27 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-46) Total: -46 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-14ip: fix an improper optimization: req.r.rtm_scope may be nonzero hereDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-13cp: fix -i for POSIX mode. Closes 9106Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-08-01ntpd: respond only to client and symmetric active packetsMiroslav Lichvar
The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of responses between two busybox NTP servers. Adding more packets to the loop increases the traffic between the servers until one of them has a fully loaded CPU and/or network. Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-30service/fw example: do not ruin $if[], use different nameDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-25wget: run s_client helper with -servername HOSTDenys Vlasenko
This is necessary for multi-hosted TLSed web sites. function old new delta spawn_https_helper_openssl 334 441 +107 Based on a patch by Jeremy Chadwick <jdc@koitsu.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-25ssl_helper.sh: strip was invoked incorrectlyDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-25var_service/fw: optionally flush all netdevs; optionally prefer one 0/0 routingDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-25ash: fix handling of ${VAR: -2}Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-22config: disentangle PREFER_APPLETS from SH_STANDALONE and SH_NOFORKDenys Vlasenko
On user request. I thought enabling/disabling them all together is more consistent. Evidently, some people do want them to be separately selectable. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-21hush: fix a possible bugDenys Vlasenko
Not sure this was actually a triggerable bug, but the code looked flaky. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-19typo fixesDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-16ash: do not leave SIGQUIT ignored on "exec CMD"Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-14cp: make verbose cp show symlink copies tooDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-14sendmail: include -H and -S in short help textDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-14sendmail: improve help textDenys Vlasenko
* explain which server we contact by default * explain when auth is done * -t is not implied! remove that from help text Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-12trylink: use "mktemp tmp.XXXXXXXXXX" to placate OS XDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-11{md5,shaN}sum: make -c EMPTY failDenys Vlasenko
function old new delta md5_sha1_sum_main 466 485 +19 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-10examples: add a useful "see abridged log" script for ntpd service exampleDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-08cpio: tweak help textDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-06getopt32: add new syntax of 'o:+' and 'o:*' for -o NUM and -o LISTDenys Vlasenko
In many cases, this aqllows to drop use of opt_complementary. Approximately -400 bytes: function old new delta getopt32 1423 1502 +79 opt_string 17 18 +1 OPT_STR 24 25 +1 uniq_main 416 406 -10 timeout_main 279 269 -10 sulogin_main 270 260 -10 readprofile_main 1825 1815 -10 ps_main 543 533 -10 pidof_main 245 235 -10 pgrep_main 611 601 -10 od_main 2600 2590 -10 mkfs_minix_main 2684 2674 -10 mkfs_ext2_main 2603 2593 -10 microcom_main 712 702 -10 makemime_main 315 305 -10 ionice_main 282 272 -10 inetd_main 2074 2064 -10 ifplugd_main 1144 1134 -10 halt_main 353 343 -10 getopt_main 636 626 -10 fdisk_main 2854 2844 -10 env_main 206 196 -10 dmesg_main 319 309 -10 conspy_main 1214 1204 -10 awk_main 981 971 -10 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/22 up/down: 81/-220) Total: -139 bytes text data bss dec hex filename 919373 906 14060 934339 e41c3 busybox_old 918969 906 14060 933935 e402f busybox_unstripped Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-06whois: implement -iDenys Vlasenko
function old new delta whois_main 654 675 +21 packed_usage 30355 30356 +1 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-06whois: make it actually workDenys Vlasenko
It was doing way too simplistic work of just querying the server, no redirects, no query massaging. This required user to know a lot about whois, and enter at least three queries for each host to get meaningful information. function old new delta whois_main 209 646 +437 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-05build system: fix a few warnings for allnoconfig buildDenys Vlasenko
Not that allnoconfig build is useful in any way... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-05libbb: suppress warning about run_applet_and_exitRon Yorston
When busybox is configured to contain a single applet an unnecessary declaration of run_applet_and_exit results in a warning. Move the declaration to avoid this. Reported-by: Lauri Kasanen <curaga@operamail.com> Signed-off-by: Ron Yorston <rmy@pobox.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-04arp: fix buffer overflow. Closes 9071Denys Vlasenko
function old new delta arp_main 1910 1898 -12 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-03udhcpc: run "deconfig" script in manual renew state too. closes 9061Denys Vlasenko
The bug was seen when the following is done: # killall 1 udhpc; killall 2 udhpc Performing a DHCP renew state: 2 -> 5 Sending renew... Entering released state state: 5 -> 6 <<<<<<<<<<<<<< not calling script!!!! Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-07-03ntpd: daemonize before DNS resolutionDenys Vlasenko
This resolves the following use case problem: "I start ntpd by default from /etc/init.d There might be no working network connection (not configured properly for whatever reason, hardware problems, whatelse). With busybox 1.25 ntpd seems to loop forever if now NTP servers are found, blocking the boot process and I never get a login to solve a possible pb or to do a first time configuration." Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-29build system: make CONFIG_FEATURE_USE_BSS_TAIL less funkyDenys Vlasenko
CONFIG_FEATURE_USE_BSS_TAIL code was aliasing bb_common_bufsiz1 to _end. This is unreliable: _end may be not sufficiently aligned. Change code to simply enlarge COMMON_BUFSIZE when we detect that _end has significant amount of space to the end of page. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-24df: use f_frsize instead of f_bsize for correct sizesNatanael Copa
Use the correct field f_frsize instead of f_bsize. The statfs f_bsize is the "Optimal transfer block size" while the f_frsize is the "Fragment size (since Linux 2.6)". On some FUSE filesystems those may differ. Fixes bug 9046 URL: https://bugs.busybox.net/show_bug.cgi?id=9046 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-24i2cdump: don't use common_bufsiz1Bartosz Golaszewski
Commit e6a2f4cc changed the way common_bufsiz1 works. Now it needs to be initialized before using, but i2cdump wasn't updated by said patch. Since the fact that we're using common_bufsiz1 here isn't obvious (no G_INIT() macro, no other global variables), drop it and simply allocate the integer array required for block reads on the stack. Tested with i2c block read on a Lenovo Thinkpad laptop. Signed-off-by: Bartosz Golaszewski <bartekgola@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-23ping: populate icmp_id field for "simple" ping tooJonas Danielsson
The ICMP RFC says that identifier and sequence number may be zero. Having them zero for a Echo message, along with a data of zero's as well will result in a Echo reply message with only zero's. Some NAT implementations seem to get the checksum wrong on these packages. Setting a checksum of 0x0 instead of 0xffff. Through NAT: Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x0000 [incorrect, should be 0xffff] Identifier (BE): 0 (0x0000) Identifier (LE): 0 (0x0000) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) Data (56 bytes) Data: 000000000000000000000000000000000000000000000000... [Length: 56] Without NAT: Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0xffff [correct] Identifier (BE): 0 (0x0000) Identifier (LE): 0 (0x0000) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) [Request frame: 189] [Response time: 0.024 ms] Data (56 bytes) Data: 000000000000000000000000000000000000000000000000... [Length: 56] And this in turn will make some hardware MAC checksum offloading engines drop the packet. (This was seen with a Synopsis MAC, the same one used in for instance the stmmac Ethernet driver in the linux kernel.) This change can be seen as a workaround for bugs in other layers. But just setting an identifier for the Echo message packet will avoid prodding the hornets nest. function old new delta common_ping_main 424 500 +76 Signed-off-by: Jonas Danielsson <jonasdn@axis.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-22Start 1.26.0 development cycleDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-22Bump version to 1.25.0Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2016-06-21libarchive: fix xmalloc_open_zipped_read_close()Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>