Commit Graph

134 Commits

Author SHA1 Message Date
Eric Andersen
52499cb9ae Tito writes:
Hi,
I've spent the half night staring at the devilish  my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've  found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and  logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
     false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
     The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
     Maybe this buffers can be reduced a bit  ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
     size busybox
       text    data     bss     dec     hex filename
     239568    2300   36816  278684   4409c busybox
    size busybox_fixed
       text    data     bss     dec     hex filename
     239616    2300   36816  278732   440cc busybox
7) The behaviour of whoami changed:
    actually it  prints out an username cut down to the size of the buffer.
    This could be fixed by increasing the size of the buffer as in id.c or
    avoid the use of my_getpwuid and use getpwuid directly instead.
    Maybe this colud be also remain unchanged......

Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
2004-08-26 22:18:59 +00:00
Eric Andersen
93d7fba892 Tito, farmatito at tiscali dot it writes:
Hi to all,
This patch is useful for:
1) remove an unused var from extern char *find_real_root_device_name(const char* name)
    changing it to extern char *find_real_root_device_name(void).
2) fixes include/libbb.h, coreutils/df.c, util-linux/mount.c and  util-linux/umount.c accordingly.
3) fixes a bug, really a false positive,  in find_real_root_device_name() that happens if
    in the /dev directory exists a link named root (/dev/root) that should be skipped but
    is not. This affects applets like df that display wrong results
2004-08-03 00:14:02 +00:00
Eric Andersen
36adca81f5 Patch from Bastian Blank:
On Sat, Jun 19, 2004 at 10:57:37PM +0200, Bastian Blank wrote:
> The following patch changes klogd to use openlog/syslog themself
> instead of calling syslog_msg which always calls the triple
> openlog/syslog/closelog.

Updated patch: get rid of syslog_msg entirely. Request from Erik Andersen.

Bastian
2004-06-22 10:07:17 +00:00
Eric Andersen
ed9ecf7894 Patch from Bastian Blank:
The updated patch adds a config option to explicitely enable 64 bit
    arithmetic.

    Also it removes the arith prototype from libbb.h as it is not used
    outside of ash.

    Bastian

this patch has been slightly modified by Erik for cleanliness.
2004-06-22 08:29:45 +00:00
Eric Andersen
6f9a7783ce Do not use getpass(3) 2004-05-01 01:27:30 +00:00
Eric Andersen
c7bda1ce65 Remove trailing whitespace. Update copyright to include 2004. 2004-03-15 08:29:22 +00:00
Eric Andersen
3cac0c7d7f Add prototypes for safe_strtol and friends 2004-03-12 22:08:13 +00:00
Glenn L McGrath
15c3512614 Sometimes i get carried away with the use of function pointers, im sure
it seemed like a good idea at the time.
2004-02-21 09:20:56 +00:00
Manuel Novoa III
68474f3b36 Make sure stdlib.h is always included before dmalloc.h to avoid problems
parsing problems.
2004-02-05 14:45:58 +00:00
Glenn L McGrath
036dbaa082 Modify bb_lookup_port to allow the protocol to be specified, allowing
/etc/services support for inetd, netcat and tftp.
2004-01-17 05:03:31 +00:00
Glenn L McGrath
ffccf6eb5d Change interface to bb_lookup_host, dont try and set port inside this
function as there is no gracefull way of handling failures.
Rename bb_getport to bb_lookup_port, allow a default port to be
specified so it always returns a correct value.
Modify ftpgetput/rdate/wget to use the new interface.
wget/rdate now use etc/services with a falback default value.
2003-12-20 01:47:18 +00:00
Russ Dill
a1fece2c70 Get vfork_daemon_rexec working under uclinux 2003-12-15 21:57:44 +00:00
Glenn L McGrath
7ffe133864 As we no longer use function pointers for read in common archiving code
archive_xread can be replaced with bb_full_read, and archive_copy_file
with bb_copyfd*
bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof,
they share a common backend.
2003-11-21 22:24:57 +00:00
Glenn L McGrath
78cd84da8a Dont over-read fd, use function pointer for hash function. 2003-11-20 21:30:58 +00:00
Glenn L McGrath
d85421de22 Include stdint.h 2003-11-20 05:26:38 +00:00
Eric Andersen
5f28455c6e Oskar Liljeblad writes:
Here's a fix for the hard-coded device name in fbset.
2003-11-14 03:11:29 +00:00
Glenn L McGrath
d2a897aab0 Merge common parts of sha1sum and md5sum, which is everything except the
algorithms.
Move algorithms to hash_fd and make them available via a common
function.
2003-11-10 04:33:55 +00:00
Eric Andersen
04d055f4e1 Fix rdate and ftpget/ftpput so they compile with the new xconnect.
I have checked rdate.  Someone should also check ftpget/ftpput to
be sure they still work.
2003-11-03 21:20:18 +00:00
Eric Andersen
e6dc439b3a Rework wget, the xconnect interface, and its various clients
in order to fix the problems with round robin DNS reported
by Andrew Flegg:
    http://busybox.net/lists/busybox/2003-October/009579.html

This removes the ipv6 specific xconnect dns lookups.  I do
not see why that would need to be special cased for ipv6 as
was done, but that will just have to be tested.

So IPV6 people -- please test this change!

 -Erik
2003-10-31 09:31:46 +00:00
Eric Andersen
dae099b2f9 We did not have a safe_write, which is the analog to safe_read. Convert
full_write to use safe_write internally, which is needed to guarantee proper
behavior, i.e. when writing to a pipe.
2003-10-09 08:35:42 +00:00
Glenn L McGrath
aa5a602689 Patch by Rob Landley, work in progress update, fixes lots of bugs,
introduces a few others (but they are being worked on)
2003-10-01 03:06:16 +00:00
Glenn L McGrath
eebcc1d98a Add the "install" applet, move get_ug_id to libbb as its used by chown,
chgrp and install.
2003-09-24 03:22:57 +00:00
Eric Andersen
8efe967018 Be entirely consistant when using ioctl(0, TIOCGWINSZ, &winsize)
to ensure proper fallback behavior on, i.e. serial consoles.
 -Erik
2003-09-15 08:33:45 +00:00
Glenn L McGrath
99bd5adf99 more crond+crontab integrating with loginutil libbb functions and deleted
patch from Thomas Gleixner to init.
Viodz last_patch_108
2003-09-03 12:18:42 +00:00
Glenn L McGrath
dc4e75ef7c move all "-/bin/sh" "/bin/sh" and "sh" to libbb/messages.c file as one
constant.
Vodz last_patch_107
2003-09-02 02:36:18 +00:00
Eric Andersen
97e2426582 "staywithu" writes:
In BusyBox v1.00-pre2,
 commands like ls, df with -h option report a wrong file size for files larger than 4GBtye!!

For example,
   when I execute 'ls -l', it reports
      -rw-r--r--      1 root       root    5368709120    Aug    17  2003  large_stream.tp

   when I execute 'ls -lh', I expect that
      -rw-r--r--      1 root       root                5.0G    Aug    17  2003  large_stream.tp

  but it reports
      -rw-r--r--      1 root       root                1.0G    Aug    17  2003  large_stream.tp

I fixed this bug that...
 Line 31 in libbb/human_readable.c and line 275 include/libbb.h

     const char *make_human_readable_str(unsigned long size
      =>   const char *make_human_readable_str(unsigned long long size

It's OK!
2003-08-22 23:08:37 +00:00
Eric Andersen
546f21aa2d Remove code that too agressively disabled inlines 2003-08-01 22:27:57 +00:00
Eric Andersen
2a186890ee Bruno Randolf writes:
this patch fixes run_parts when it's called by ifupdown. 1) argv has to be a
NULL terminated char* array, not just a string. 2) run_parts now explicitly
sets the environment. this environment is populated from the
/etc/network/interfaces config file and is needed by the scripts in
/etc/network/if-pre-up.d/. when run-parts is called from the command line the
environment is taken from the current process.


Vladimir Oleynik then wrote:

You can simplify this if use:

+       bb_xasprintf(&buf[0], "/etc/network/if-%s.d", opt);
+       buf[1] = NULL;
+
+       run_parts(&buf, 2, environ);
+       free(buf[0]);

--w
vodz
2003-07-29 07:05:40 +00:00
Eric Andersen
35e643b39f last_patch95 from vodz:
Hi.

Last patch have new libbb function
vfork_rexec() for can use daemon() to uClinux system.
This patched daemons: syslog, klogd, inetd, crond.
This not tested! I havn`t this systems.
Also. Previous patch for feature request MD5 crypt password for
httpd don`t sended to this mailist on 07/15/03
(mailist have Pytom module problem?).
The previous patch included, and have testing.


--w
vodz
2003-07-28 07:40:39 +00:00
Eric Andersen
85e5e72bc1 Remove remaining libc5 support code 2003-07-22 08:56:55 +00:00
Eric Andersen
592ebd507a Patch from Paul Mundt:
The current SC_x references automatically assume that everyone uses ttyS/tts
    as their naming scheme for their serial ports. This isn't the case for quite
    a few architectures, including sh, sh64, h8, arm, etc.
2003-07-22 07:33:14 +00:00
Eric Andersen
f890f9dd16 This declaration no longer needs to hide when using dmalloc 2003-07-07 06:10:31 +00:00
Eric Andersen
9e48045e45 Patch from Russell Coker:
I've attached my latest SE Linux patch for busybox against the latest CVS
    version of busybox.
2003-07-03 10:07:04 +00:00
Eric Andersen
a3bb3e6e0b Geir Thomassen wrote, regarding networking/httpd.c line 1358
Hello, I think the test for an unconfigured httpd is wrong in
    the CVS (busybox-unstable-20030620.tar.bz2)

    flg_deny_all is default 0

vodz then wrote:

    Oops. You are right.
    Also, this mistake haved from two place.
    Last patch rewroted to my new get_ularg() function for overcompensate size
    from this error found ;-)
2003-06-26 09:05:32 +00:00
Eric Andersen
c9e7024924 Add prototype update missing from last_patch89. Fix screwy
formatting in cut.
2003-06-20 09:16:00 +00:00
Eric Andersen
8876fb2f59 last_patch89 from vodz:
Manuel,

    I rewrite bb_getopt_ulflags() function for more universal usage.
    My version support now:
    - options with arguments (optional arg as GNU extension also)
    - complementaly and/or incomplementaly and/or incongruously and/or list
    options
    - long_opt (all applets may have long option, add supporting is trivial)
    This realisation full compatibile from your version.
    Code size grow 480 bytes, but only coreutils/* over compensate this size
    after using new function. Last patch reduced over 800 bytes and not full
    applied to all. "mkdir" and "mv" applets have long_opt now for demonstrate
    trivial addition support long_opt with usage new bb_getopt_ulflags().
    Complementaly and/or incomplementaly and/or incongruously and/or list options
    logic is not trivial, but new "cut" and "grep" applets using this logic
    for examples with full demostrating. New "grep" applet reduced over 300
    bytes.

    Mark,
    Also. I removed bug from "grep" applet.
    $ echo a b | busybox grep -e a b
    a b
    a b
    But right is printing one only.

    --w
    vodz
2003-06-20 09:01:58 +00:00
Eric Andersen
82ab3d7c3e Make all syscall declarations use the syscall() function 2003-05-26 18:48:56 +00:00
Glenn L McGrath
393183dccc Vodz, last_patch_86 2003-05-26 14:07:50 +00:00
Manuel Novoa III
cad5364599 Major coreutils update. 2003-03-19 09:13:01 +00:00
Eric Andersen
a9c6bc41e9 Define bb_xgetlarg as a standard interface for extracting
numbers from getopt which includes careful error checking.
 -Erik
2003-03-07 17:29:12 +00:00
Glenn L McGrath
a88cb5025c Patch from mathuria, compatability with solaris 2003-02-08 23:36:16 +00:00
Glenn L McGrath
9e5d6c002c run telnet from inetd, present login prompt if login is configured,
patch from Bastian Blank
2003-01-21 20:55:56 +00:00
Glenn L McGrath
2e51a14d57 New test mode that allows run_parts to fail silently if the directory
is not found. Patch from Bastian Blank
2003-01-20 23:50:59 +00:00
Glenn L McGrath
b4a1baa312 Correct some init issues, update email address, last_patch78 by Vladimir
N. Oleynik
2003-01-13 22:09:50 +00:00
Tim Riker
cf93274663 rmmod -a removed modules recursively 2002-12-14 01:58:59 +00:00
Glenn L McGrath
25fe94fd32 Merge copyfd and copy_file_chunk 2002-12-13 08:20:44 +00:00
Glenn L McGrath
66125c8065 Move add_to_list from libunarchive to libbb so it can be of more general use (eg ifupdown). Changed the name to llist_add_to as i plan on adding more llist_ functions as needed (e.g. llist_free). 2002-12-08 00:54:33 +00:00
Glenn L McGrath
b963875a3e Move compare_string_array to libbb 2002-12-02 00:01:36 +00:00
Glenn L McGrath
545106f8db Move awk from textutils to editors. Cleanup run-parts, saves 200 bytes, moves the guts of run_parts to libbb to be used by ifupdown. 2002-11-11 06:21:00 +00:00
Glenn L McGrath
237ae42fc9 Abstract read and seek in unarchiving code, convert bunzip to file descriptors, support tar -j 2002-11-03 14:05:15 +00:00