Age | Commit message | Author |
|
Hi,
I've spent half the night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a non-intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potential buffer overflows
2) fixes all occurrences of these function calls in tar.c, id.c, ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
The value I used (32 chars) was taken from the tar header (see gname and uname).
Maybe these buffers can be reduced a bit (to 16 or whatever), this is up to you.
6) The increase of size of the binary is not so dramatic:
size busybox
text data bss dec hex filename
239568 2300 36816 278684 4409c busybox
size busybox_fixed
text data bss dec hex filename
239616 2300 36816 278732 440cc busybox
7) The behaviour of whoami changed:
actually it prints out a username cut down to the size of the buffer.
This could be fixed by increasing the size of the buffer as in id.c or
avoid the use of my_getpwuid and use getpwuid directly instead.
Maybe this could also remain unchanged...
Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
|
|
Hi to all,
This patch is useful for:
1) remove an unused var from extern char *find_real_root_device_name(const char* name)
changing it to extern char *find_real_root_device_name(void).
2) fixes include/libbb.h, coreutils/df.c, util-linux/mount.c and util-linux/umount.c accordingly.
3) fixes a bug, really a false positive, in find_real_root_device_name() that happens if
a link named root (/dev/root) exists in the /dev directory, which should be skipped but
is not. This affects applets like df that display wrong results.
|
|
On Sat, Jun 19, 2004 at 10:57:37PM +0200, Bastian Blank wrote:
> The following patch changes klogd to use openlog/syslog itself
> instead of calling syslog_msg which always calls the triple
> openlog/syslog/closelog.
Updated patch: get rid of syslog_msg entirely. Request from Erik Andersen.
Bastian
|
|
The updated patch adds a config option to explicitly enable 64 bit
arithmetic.
Also it removes the arith prototype from libbb.h as it is not used
outside of ash.
Bastian
This patch has been slightly modified by Erik for cleanliness.
|
|
it seemed like a good idea at the time.
|
|
parsing problems.
|
|
/etc/services support for inetd, netcat and tftp.
|
|
function as there is no graceful way of handling failures.
Rename bb_getport to bb_lookup_port, allow a default port to be
specified so it always returns a correct value.
Modify ftpgetput/rdate/wget to use the new interface.
wget/rdate now use etc/services with a fallback default value.
|
|
archive_xread can be replaced with bb_full_read, and archive_copy_file
with bb_copyfd*
bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof,
they share a common backend.
|
|
Here's a fix for the hard-coded device name in fbset.
|
|
algorithms.
Move algorithms to hash_fd and make them available via a common
function.
|
|
I have checked rdate. Someone should also check ftpget/ftpput to
be sure they still work.
|
|
in order to fix the problems with round robin DNS reported
by Andrew Flegg:
http://busybox.net/lists/busybox/2003-October/009579.html
This removes the ipv6 specific xconnect dns lookups. I do
not see why that would need to be special cased for ipv6 as
was done, but that will just have to be tested.
So IPV6 people -- please test this change!
-Erik
|
|
full_write to use safe_write internally, which is needed to guarantee proper
behavior, i.e. when writing to a pipe.
|
|
introduces a few others (but they are being worked on)
|
|
chgrp and install.
|
|
to ensure proper fallback behavior on, i.e. serial consoles.
-Erik
|
|
patch from Thomas Gleixner to init.
Vodz last_patch_108
|
|
constant.
Vodz last_patch_107
|
|
In BusyBox v1.00-pre2,
commands like ls, df with -h option report a wrong file size for files larger than 4 GByte!!
For example,
when I execute 'ls -l', it reports
-rw-r--r-- 1 root root 5368709120 Aug 17 2003 large_stream.tp
when I execute 'ls -lh', I expect that
-rw-r--r-- 1 root root 5.0G Aug 17 2003 large_stream.tp
but it reports
-rw-r--r-- 1 root root 1.0G Aug 17 2003 large_stream.tp
I fixed this bug that...
Line 31 in libbb/human_readable.c and line 275 include/libbb.h
const char *make_human_readable_str(unsigned long size
=> const char *make_human_readable_str(unsigned long long size
It's OK!
|
|
This patch fixes run_parts when it's called by ifupdown. 1) argv has to be a
NULL terminated char* array, not just a string. 2) run_parts now explicitly
sets the environment. This environment is populated from the
/etc/network/interfaces config file and is needed by the scripts in
/etc/network/if-pre-up.d/. When run-parts is called from the command line the
environment is taken from the current process.
Vladimir Oleynik then wrote:
You can simplify this if you use:
+ bb_xasprintf(&buf[0], "/etc/network/if-%s.d", opt);
+ buf[1] = NULL;
+
+ run_parts(&buf, 2, environ);
+ free(buf[0]);
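Review bot: in run_parts(&buf, 2, environ), buf is used on the lines above as an array of string pointers (buf[0], buf[1]), so &buf carries one more level of indirection than the NULL terminated char* array the message says argv has to be; pass buf itself. The declaration of buf is not part of this fragment, so it should be shown or checked that it has room for both entries.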
--w
vodz
|
|
Hi.
The last patch has a new libbb function,
vfork_rexec(), so that daemon() can be used on uClinux systems.
Patched daemons: syslog, klogd, inetd, crond.
This is not tested! I don't have these systems.
Also, the previous patch for the feature request of MD5 crypt passwords for
httpd was not sent to this mailing list on 07/15/03
(does the mailing list have a Pytom module problem?).
The previous patch is included, and has been tested.
--w
vodz
|
|
The current SC_x references automatically assume that everyone uses ttyS/tts
as their naming scheme for their serial ports. This isn't the case for quite
a few architectures, including sh, sh64, h8, arm, etc.
|
|
I've attached my latest SE Linux patch for busybox against the latest CVS
version of busybox.
|
|
Hello, I think the test for an unconfigured httpd is wrong in
the CVS (busybox-unstable-20030620.tar.bz2)
flg_deny_all is default 0
vodz then wrote:
Oops. You are right.
Also, this mistake was in two places.
The last patch was rewritten to my new get_ularg() function to overcompensate size
from this error found ;-)
|
|
formatting in cut.
|
|
Manuel,
I rewrote the bb_getopt_ulflags() function for more universal usage.
My version now supports:
- options with arguments (optional arg as GNU extension also)
- complementaly and/or incomplementaly and/or incongruously and/or list
options
- long_opt (all applets may have long options; adding support is trivial)
This realisation is fully compatible with your version.
Code size grows by 480 bytes, but coreutils/* alone overcompensates this size
after using the new function. The last patch reduced over 800 bytes and is not fully
applied to all. The "mkdir" and "mv" applets have long_opt now to demonstrate the
trivial addition of long_opt support using the new bb_getopt_ulflags().
The complementaly and/or incomplementaly and/or incongruously and/or list options
logic is not trivial, but the new "cut" and "grep" applets use this logic
as examples with full demonstration. The new "grep" applet is reduced by over 300
bytes.
Mark,
Also, I removed a bug from the "grep" applet.
$ echo a b | busybox grep -e a b
a b
a b
But the right behaviour is to print only one.
--w
vodz
|
|
numbers from getopt which includes careful error checking.
-Erik
|
|
patch from Bastian Blank
|
|
is not found. Patch from Bastian Blank
|
|
N. Oleynik
|
|
(e.g. ifupdown). Changed the name to llist_add_to as I plan on adding more llist_ functions as needed (e.g. llist_free).
|
|
moves the guts of run_parts to libbb to be used by ifupdown.
|
|
descriptors, support tar -j
|