Age | Commit message (Collapse) | Author |
|
Hi,
I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
size busybox
text data bss dec hex filename
239568 2300 36816 278684 4409c busybox
size busybox_fixed
text data bss dec hex filename
239616 2300 36816 278732 440cc busybox
7) The behaviour of whoami changed:
actually it prints out an username cut down to the size of the buffer.
This could be fixed by increasing the size of the buffer as in id.c or
avoid the use of my_getpwuid and use getpwuid directly instead.
Maybe this colud be also remain unchanged......
Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
|
|
Example of broken usage: ./busybox test 2147483648 -gt 2147483648
|
|
Hi to all,
This patch is useful for:
1) remove an unused var from extern char *find_real_root_device_name(const char* name)
changing it to extern char *find_real_root_device_name(void).
2) fixes include/libbb.h, coreutils/df.c, util-linux/mount.c and util-linux/umount.c accordingly.
3) fixes a bug, really a false positive, in find_real_root_device_name() that happens if
in the /dev directory exists a link named root (/dev/root) that should be skipped but
is not. This affects applets like df that display wrong results
|
|
the 'who' and 'last' applets among other things to work as expected.
-Erik
|
|
dev_t. This is especially important now that the user space concept of a dev_t
and the kernel concept of a dev_t are divergant. The only bit of user space
allowed to know the number of major and minor bits is include/sys/sysmacros.h
(i.e. part of libc). When used with a current C library and a 2.6.x kernel,
this fix should allow BusyBox to support wide device major/minor numbers.
-Erik
|
|
increment > 0.
|
|
"As noticed today by Steven Scholz, the od's `-v' was broken.
I've fixed that and now both the flags `-v' and `-a' are OK"
Fixes a segfault in
echo "uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu\02bar\4"| ./busybox od -av
|
|
Also, make sure read errors are reflected in the applet exit code.
|
|
|
|
Run this test, against both busybox and a non-busybox version of "tee".
while true; do i=$[$i+1]; echo "hello $i"; sleep 1; done | ./busybox tee
Now run the busybox one again with the following small patch applied:
|
|
Hi,
I just re-reviewed the patch I just sent...and it needed to be BUFSIZ-3 in
dos2unix.c . tempFn is BUFSIZ so the last addressable spot it BUFSIZ-1. The loop
increments by 2. That's why it should be BUFSIZ-3.
Best Regards,
Steve Grubb
|
|
Hello,
I found and patched 2 more bugs. The first is a misplaced semi-colon. The second
one is a buffer overflow. I doubt the buffer overflow is triggered in real life.
But you never know what those wily hackers are up to.
Thanks,
Steve Grubb
|
|
|
|
email address was wrong!
|
|
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.
Erik - please apply.
Authors - please check that I didn't corrupt any meaning.
Package importers - see if any of these changes should be
passed to the upstream authors.
I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.
What is "pretect redefined for test" in cmdedit.c?
Good luck on the 1.00 release!
- Larry
|
|
|
|
s/fileno\(stdout\)/STDOUT_FILENO/g
|
|
I've noticed a bug in the "autowidth" feature more, and is probably in
others. The call to the function get_terminal_width_height() passes
in a file descriptor but that file descriptor is never used, instead
the ioctl() is called with 0. In more_main() the call to
get_terminal_width_height() passes 0 as the file descriptor instead of
fileno(cin). This isn't a problem when you more a file (e.g. "more
/etc/passwd") but when you pipe a file to it (e.g. "cat /etc/passwd |
more") the size of the terminal cannot be determined because file
descriptor 0 is not a terminal. The fix is simple, I've attached a
patch for more.c and get_terminal_width_height.c.
BAPper
|
|
|
|
Current `tr' implementation has a problem, if `plain char' is signed.
[current cvs version]
>echo a | _install/usr/bin/tr '\0' '\377'
Segmentation fault (core dumped)
[patched version]
>echo a | _install/usr/bin/tr '\0' '\377'
a
|
|
blocks
|
|
|
|
|
|
|
|
There was an extra blank line preceding the first directory.
|
|
|
|
|
|
adjustment of whitespace.
|
|
|
|
option yet
|
|
un-needed if statement, minor indenting change
|
|
Hi, Glenn.
Current CVS "ls" applet have small problem: some options
ignoring. Last patch attached ;-)
--w
vodz
|
|
Hello,
when calling seq with
seq 1 1
it generates an "endless" list of numbers until the counter wraps and
reaches 1 again. The follwoing small patch should introduce the
expected behavior (output of 1 and termination):
regards,
Jean
|
|
|
|
|
|
|
|
should always be aligned.
|
|
uuencode fails to encode binary data because it right-shifts
bytes as signed chars and keeps the duplicated sign bits.
The original base64_encode() from wget/http.c is broken as well,
but it is only used to encode ascii data.
-- Pascal
|
|
reported by Rob.
|
|
|
|
|
|
|
|
|
|
change.
Dont use bb_make_directory it doesnt have the features, and its ugly to
work around it.
|
|
|
|
|
|
mkdir foo
touch foo/bar
ln -s bar foo/baz
|
|
When linking a non existing file busybox ln will report the target
missind and not the source:
|
|
|
|
We may be installing symlinks, so use lstat/lchown.
Make use of bb_getopt_ulflags and cp_mv_stat2, save 100 bytes.
|