Age | Commit message (Collapse) | Author |
|
Hi,
I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
size busybox
text data bss dec hex filename
239568 2300 36816 278684 4409c busybox
size busybox_fixed
text data bss dec hex filename
239616 2300 36816 278732 440cc busybox
7) The behaviour of whoami changed:
actually it prints out an username cut down to the size of the buffer.
This could be fixed by increasing the size of the buffer as in id.c or
avoid the use of my_getpwuid and use getpwuid directly instead.
Maybe this colud be also remain unchanged......
Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
|
|
|
|
|
|
Hi to all,
This patch is useful for:
1) remove an unused var from extern char *find_real_root_device_name(const char* name)
changing it to extern char *find_real_root_device_name(void).
2) fixes include/libbb.h, coreutils/df.c, util-linux/mount.c and util-linux/umount.c accordingly.
3) fixes a bug, really a false positive, in find_real_root_device_name() that happens if
in the /dev directory exists a link named root (/dev/root) that should be skipped but
is not. This affects applets like df that display wrong results
|
|
some trailing '\n'
|
|
|
|
|
|
|
|
|
|
new stuff mjn3 wrote for uClibc
|
|
On Sat, Jun 19, 2004 at 10:57:37PM +0200, Bastian Blank wrote:
> The following patch changes klogd to use openlog/syslog themself
> instead of calling syslog_msg which always calls the triple
> openlog/syslog/closelog.
Updated patch: get rid of syslog_msg entirely. Request from Erik Andersen.
Bastian
|
|
The updated patch adds a config option to explicitely enable 64 bit
arithmetic.
Also it removes the arith prototype from libbb.h as it is not used
outside of ash.
Bastian
this patch has been slightly modified by Erik for cleanliness.
|
|
dont commit yet as we are in feature freeze
|
|
selected at configure time.
|
|
test it before checking in..." New entry for famous last words list.)
Add the missing backslash at the end of the new sed doc string line.
(This one actually compiled with "show verbose applet usage messages"...)
|
|
and alphabetizie the option list.)
|
|
People wishing to use minit can obtain it and obtain support from
http://www.fefe.de/minit/
|
|
|
|
|
|
Hi there,
the "-h" option of httpd is not described in the usage text.
Please find the attached patch.
Thanks.
Steven
|
|
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.
Erik - please apply.
Authors - please check that I didn't corrupt any meaning.
Package importers - see if any of these changes should be
passed to the upstream authors.
I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.
What is "pretect redefined for test" in cmdedit.c?
Good luck on the 1.00 release!
- Larry
|
|
|
|
|
|
The -i option was not documented, and in genereal
the formatting was a bit ugly.
|
|
|
|
|
|
kindly reviewing the existing docs and providing helpful feedback.
|
|
never worked.... Most people use 'ip addr foo' I suppose.
|
|
|
|
|
|
|
|
|
|
the reality a bit to better match debian behavior.
|
|
|
|
|
|
fixes some bugs, adds some error checking, and removes _lots_ of bloat.
Text size on i386...
old new
ipv6 5425 3523
no ipv6 3143 2193
|
|
to work. Without /proc mounted, one must explicitly specify the
type of every filesystem being mounted.
|
|
|
|
|
|
Hi,
Well, I made this patch a long time ago (08/2002) because it was a
need of a project, but had no time to send it to you. It adds support
to `autologin' option of the telnet protocol. It has been used since
made with busybox 0.60.3 at production and I had no problems with it.
I have ported it to the HEAD revision of the CVS server (20040211) and
I hope you enjoy and apply it to the official sources. :)
Thanks a lot!
|
|
|
|
it seemed like a good idea at the time.
|
|
|
|
parsing problems.
|
|
|
|
/etc/services support for inetd, netcat and tftp.
|
|
clearer (from N to [N]) and indirectly (through bb_xgetlarg) adds support
for -h ;-)
|
|
different string, used by the debian busybox-cvs to specify the debian
date based version number.
|
|
|
|
|