| Age | Commit message (Collapse) | Author |
|---|
|
Thanks to P.J. Day.
|
|
|
|
|
|
|
|
see www.7-zip.org)
|
|
open and read from the file isn't something we can recover from after the
fact. Resequence things to check first, write second.
|
|
we don't close the pipe the child process won't exit, and we'll hang in
waitpid().
|
|
What's up with loginutils/su.c line 42: "SYSLOG_SUCESS" ? Please have a look..
|
|
|
|
|
|
which was apparently never tested. That meant that there always had
to be at least one unparsed argument left over, which is not the case for
tar.
|
|
and switch more stuff from CONFIG to ENABLE.
|
|
|
|
I have no idea how to apply bb_getopt_complementally to a --longopt that
has no short option. The documentation from vodz has a bad case of
babelfish poisoning, and I can't understand it. It sort of seems to
suggest there is a way, but what it is I have no idea. So I used \n as
the short option, which is fairly unlikely to be used for something else. :)
|
|
- new bb_getopt_ulflags features: check max and min args, convert first argv to options special for ar and tar applets
- use bb_default_error_retval for env applet
|
|
|
|
- more long opt compatibility, can set flag for long opt struct now
- more logic: check opt-depend requires and global requires, special for 'id' and 'start-stop-daemon' applets.
|
|
ln.c: error_msg(str)->error_msg(%s, str) - remove standart "feature" for hackers
reduce 100 bytes don't care in sum
|
|
my_getpwnam -> bb_xgetpwnam /* dies on error */
my_getgrnam -> bb_xgetgrnam /* dies on error */
my_getgrgid -> bb_getgrgid
my_getpwuid -> bb_getpwuid
my_getug -> bb_getug
|
|
2) better support long options
3) new flag '!' for bb_opt_complementally: produce bb_show_usage() if BB_GETOPT_ERROR internally
|
|
trailing / turns that into an empty string.
|
|
shell out to an external program to handle gzip anyway...
|
|
(BB_GETOPT_ERROR)
|
|
Hi,
I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
size busybox
text data bss dec hex filename
239568 2300 36816 278684 4409c busybox
size busybox_fixed
text data bss dec hex filename
239616 2300 36816 278732 440cc busybox
7) The behaviour of whoami changed:
actually it prints out an username cut down to the size of the buffer.
This could be fixed by increasing the size of the buffer as in id.c or
avoid the use of my_getpwuid and use getpwuid directly instead.
Maybe this colud be also remain unchanged......
Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
|
|
dev_t. This is especially important now that the user space concept of a dev_t
and the kernel concept of a dev_t are divergant. The only bit of user space
allowed to know the number of major and minor bits is include/sys/sysmacros.h
(i.e. part of libc). When used with a current C library and a 2.6.x kernel,
this fix should allow BusyBox to support wide device major/minor numbers.
-Erik
|
|
|
|
Hello,
I found and patched 2 more bugs. The first is a misplaced semi-colon. The second
one is a buffer overflow. I doubt the buffer overflow is triggered in real life.
But you never know what those wily hackers are up to.
Thanks,
Steve Grubb
|
|
|
|
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.
Erik - please apply.
Authors - please check that I didn't corrupt any meaning.
Package importers - see if any of these changes should be
passed to the upstream authors.
I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.
What is "pretect redefined for test" in cmdedit.c?
Good luck on the 1.00 release!
- Larry
|
|
s/fileno\(stdout\)/STDOUT_FILENO/g
|
|
|
|
|
|
options, add some conditions to the tar tests in testsuite.
|
|
archive_xread can be replaced with bb_full_read, and archive_copy_file
with bb_copyfd*
bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof,
they share a common backend.
|
|
|
|
|
|
tar file.
|
|
|
|
prevent overwritting existing files
|
|
|
|
Need to chdir after the tar file is opened, so make common tar filename
parsing and send the file descriptor rather than filename to
writeTarFile.
Modify the verboseFlag operation to determine wether to display on
stderr or stdout at display time, simpler than doing it in tar_main.
|
|
|
|
|
|
bb-tar "cjf" does not create a valid tbz2-archive -- if fact the result is a
plain tar-file (no compression) -- but does not warn about the unrecognized
parameter combination "cj" (bb does not have bzip2-compression yet, right?).
to fix this I have added an error message stating this does not work.
He also reported
cosmetic: versose "-v" does not show any output when used with "create"
which I have now fixed as well.
-Erik
|
|
He took a look into the recent reports of tar problems, and found an obvious
typo in last_patch91 from vodz which converted tar to use bb_getopt_ulflags.
|
|
|
|
|
|
|
|
cause nasty problems if overwriting glibc, spotted by waldi.
|
|
|
