aboutsummaryrefslogtreecommitdiff
path: root/archival
AgeCommit message (Collapse)Author
2004-08-26Tito writes:Eric Andersen
Hi, I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions trying to find out a way to avoid actual and future potential buffer overflow problems without breaking existing code. Finally I've found a not intrusive way to do this that surely doesn't break existing code and fixes a couple of problems too. The attached patch: 1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows 2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h. 3) The behaviour of tar, ls and logger is unchanged. 4) The behavior of ps with somewhat longer usernames messing up output is fixed. 5) The only bigger change was the increasing of size of the buffers in id.c to avoid false negatives (unknown user: xxxxxx) with usernames longer than 8 chars. The value i used ( 32 chars ) was taken from the tar header ( see gname and uname). Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you. 6) The increase of size of the binary is not so dramatic: size busybox text data bss dec hex filename 239568 2300 36816 278684 4409c busybox size busybox_fixed text data bss dec hex filename 239616 2300 36816 278732 440cc busybox 7) The behaviour of whoami changed: actually it prints out an username cut down to the size of the buffer. This could be fixed by increasing the size of the buffer as in id.c or avoid the use of my_getpwuid and use getpwuid directly instead. Maybe this colud be also remain unchanged...... Please apply if you think it is ok to do so. The diff applies on today's cvs tarball (2004-08-25). Thanks in advance, Ciao, Tito
2004-07-26BusyBox has no business hard coding the number of major and minor bits for aEric Andersen
dev_t. This is especially important now that the user space concept of a dev_t and the kernel concept of a dev_t are divergant. The only bit of user space allowed to know the number of major and minor bits is include/sys/sysmacros.h (i.e. part of libc). When used with a current C library and a 2.6.x kernel, this fix should allow BusyBox to support wide device major/minor numbers. -Erik
2004-07-21Fixup -T (--files-from) option, works for non-directories nowGlenn L McGrath
2004-06-06Update reference for zip formatGlenn L McGrath
2004-05-05Steve Grubb writes:Eric Andersen
Hello, I found and patched 2 more bugs. The first is a misplaced semi-colon. The second one is a buffer overflow. I doubt the buffer overflow is triggered in real life. But you never know what those wily hackers are up to. Thanks, Steve Grubb
2004-04-29Fix symlink handling and small memory leakGlenn L McGrath
2004-04-25Update my email address, document some of my tasks in the AUTHORS fileGlenn L McGrath
2004-04-14Larry Doolittle writes:Eric Andersen
This is a bulk spelling fix patch against busybox-1.00-pre10. If anyone gets a corrupted copy (and cares), let me know and I will make alternate arrangements. Erik - please apply. Authors - please check that I didn't corrupt any meaning. Package importers - see if any of these changes should be passed to the upstream authors. I glossed over lots of sloppy capitalizations, missing apostrophes, mixed American/British spellings, and German-style compound words. What is "pretect redefined for test" in cmdedit.c? Good luck on the 1.00 release! - Larry
2004-04-09Add a comment explaining why we have to check for an extra \nGlenn L McGrath
2004-04-05rename uncompress.c to decompress_uncompress.cEric Andersen
rename unzip.c to decompress_unzip.c
2004-03-27Add missing include filesEric Andersen
2004-03-27s/fileno\(stdin\)/STDIN_FILENO/gEric Andersen
s/fileno\(stdout\)/STDOUT_FILENO/g
2004-03-15Remove trailing whitespace. Update copyright to include 2004.Eric Andersen
2004-02-25Fix option handling, -i or -t must be given, if both ignore the -t.Glenn L McGrath
Use bb_getopt_ulflags.
2004-02-21Sometimes i get carried away with the use of function pointers, im sureGlenn L McGrath
it seemed like a good idea at the time.
2004-02-20Fix up hard linksGlenn L McGrath
2004-02-20A strict interpretation of the ustar format requires the type flag to beGlenn L McGrath
interpreted, we cannot depend on the file type being set in the mode field.
2004-02-19Add extra comments, freakout if a pax archive is encoutered.Glenn L McGrath
2004-02-17Remove debuggingGlenn L McGrath
2004-02-17Dont strip trailing '/' until _after_ i test to set if its there !Glenn L McGrath
2004-01-30s/u_int/uint/gEric Andersen
2004-01-25Add the -h, --dereference option for archive creation.Glenn L McGrath
2004-01-17Patch from Arthur Othieno, clarify common options between dpkg and dpkg-debGlenn L McGrath
2004-01-07Use bb_getopt_ulflags, save 100 bytes and strict argument checking.Glenn L McGrath
2004-01-05Use bb_getopt_ulflags, save 150 bytes.Glenn L McGrath
2004-01-05Use bb_getopt_ulflags, simplify some logic, saves some bytes.Glenn L McGrath
2004-01-04Fix usage with libraries, skip symbol table.Glenn L McGrath
2004-01-04Use bb_getopt_ulflags, saves some space, better argument checking.Glenn L McGrath
Remove ar specific extraction code, always use common extraction code.
2003-12-26Isolate code better for unused options, config option to enable longGlenn L McGrath
options, add some conditions to the tar tests in testsuite.
2003-12-22Fix a bug of mine where extracting files to stdout would extract toGlenn L McGrath
much, modified patch from Bastian Blank
2003-12-21Don't hose up perms for files that happen to have symlinksEric Andersen
in the tarball that point to them. -Erik
2003-12-05Fix a compile error when only using ar, patch by Paul van GoolGlenn L McGrath
2003-11-28Patch from Ian Campbell, fix or'ed dependencies and handle virtualGlenn L McGrath
dependencies.
2003-11-27Fix tar hard linksGlenn L McGrath
2003-11-26Important bugfixes from Ian Campbell.Glenn L McGrath
init_archive_deb_data() We want to filter for data.tar.* in the AR file not the TAR file, else we get nothing. all_control_list() Make the 'extensions' array of control file names a global so it can be used in unpack_package as well. Name the global all_control_files. Don't hard code the length of all_control_files but instead used sizeof. unpack_package() Only unpack the control files we are interested in (from all_control_files). Extract the data.tar.gz into / rather than the current directory. dpkg_main() Configure packages in a second pass so all the packages being installed are unpacked before configuring. Some purely cosmetic changes: header update list of differences since two of them are no longer true. The .control file is no longer stored as a result of this patch -- it was redundant since the info is in status. New packages appear to be added to the end of the status file now rather than the start. remove_package() Make message printing optional, so we can avoid a redundant message when replacing/upgrading a package. When we do print stuff then include the version number. purge_package() Print "Purging xxx (yyy) ..." message like the other actions. configure_package() Add "..." to "Setting up" message to be consistent with other actions.
2003-11-21As we no longer use function pointers for read in common archiving codeGlenn L McGrath
archive_xread can be replaced with bb_full_read, and archive_copy_file with bb_copyfd* bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof, they share a common backend.
2003-11-21Use safe readGlenn L McGrath
2003-11-20Remove unused functionGlenn L McGrath
2003-11-20Fix tar-handles-nested-exclude testcaseGlenn L McGrath
2003-11-20Check at least one context is specifiedGlenn L McGrath
2003-11-20Check there are files to add the archive before removing a specifiedGlenn L McGrath
tar file.
2003-11-20Dont attempt to unlink directoriesGlenn L McGrath
2003-11-18tar -Z, uncompress supportGlenn L McGrath
2003-11-18Dont close original file handle, we may need it later.Glenn L McGrath
2003-11-18Make unlink old files default behaviour and add a new option -k toGlenn L McGrath
prevent overwritting existing files
2003-11-17Dont free filename, its needed in the extracted files list.Glenn L McGrath
2003-11-15Fix a bug where cpio wouldnt work unless -u was specifiedGlenn L McGrath
2003-11-15Move from read_gz to the pipe()+fork() method.Glenn L McGrath
open_transformer(), common code for pipe+fork. Function pointer for read() no longer needed. Allow inflate to be initialised with a specified buffer size to avoid over-reading. Reset static variables in inflate_get_next_window to fix a bug where only the first file in a .zip would be be extracted.
2003-11-15Fix memory leaksGlenn L McGrath
2003-11-14Keep trying to find a good header, if we exit it will cause .tar.gzGlenn L McGrath
files to compute incorrect crc and length for gzip