Hello,
Last November a bug was found in iproute. CAN-2003-0856 has more information.
Basically, netlink packets can come from any user. If a program performs action
based on netlink packets, they must be examined to make sure they came from the
place they are expected (the kernel).
Attached is a patch against pre8. Please apply this before releasing 1.00 final.
All users of busy box may be vulnerable to local attacks without it.
Best Regards,
Steve Grubb
Hi,
the following output is from BusyBox 1.0.0-pre10:
~ # ip link help
ip: Command "help" is unknown, try "ip link help".
tk
This patch fixes it by removing the advertisements for
the "ip blah help" stuff that is not implemented.
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.
Erik - please apply.
Authors - please check that I didn't corrupt any meaning.
Package importers - see if any of these changes should be
passed to the upstream authors.
I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.
What is "pretect redefined for test" in cmdedit.c?
Good luck on the 1.00 release!
- Larry
In arpping.h, fix structure alignment of "struct arpMsg".
GCC can insert padding in the structure which causes udhcpd to send an
invalid ARP packet on the network. It will then not receive a valid
reply, which can cause it to assign an IP address that's already in use
on the network.
(With kernels before 2.4.20, the "struct ethhdr" in linux/if_ether.h
wasn't marked as packed. This is also an issue if your toolchain was
built with a pre-2.4.20 kernel).
Hi,
When downloading files over slow network (e.g. wireless/
internet) using IE, sometimes it will stop downloading and
show error message 'connection closed' when the download
is almost complete. This is because IE can't handle server
close connection properly.
Apache http_main.c fix this problem by close the connection
after client close the connection. This patch do exactly the
same thing. Please consider include this patch.
Joe.C
Hi,
Well, I made this patch a long time ago (08/2002) because it was a
need of a project, but had no time to send it to you. It adds support
to `autologin' option of the telnet protocol. It has been used since
made with busybox 0.60.3 at production and I had no problems with it.
I have ported it to the HEAD revision of the CVS server (20040211) and
I hope you enjoy and apply it to the official sources. :)
Thanks a lot!
The config file processing for inetd in busybox-1.00-pre7 and newer
is broken -- the saved command argv[] values overwrite each other.
Patch to fix it is attached.
Cheers
--
Mark Lord
Real-Time Remedies Inc.
Hi,
When httpd connection is closed, bosybox httpd will
not stop reading from CGI program. This patch fix this
problem. It check the return value of bb_full_write and
stop reading from CGI if the connection is closed.
Please apply this patch.
Joe.C
uuencode fails to encode binary data because it right-shifts
bytes as signed chars and keeps the duplicated sign bits.
The original base64_encode() from wget/http.c is broken as well,
but it is only used to encode ascii data.
-- Pascal
function as there is no gracefull way of handling failures.
Rename bb_getport to bb_lookup_port, allow a default port to be
specified so it always returns a correct value.
Modify ftpgetput/rdate/wget to use the new interface.
wget/rdate now use etc/services with a falback default value.
Another issue I found was with the iproute utility. While using another
program I found that it failed because the "ip route del" command was
not found. I looked at the full iproute implementation and this command
exists. The busybox version has the "ip route delete" command. I have
created a patch which makes the "ip route del" command an alias to the
"ip route delete" command.
Hello,
I have been using busybox for some time now, for an ARM based platform.
I was very pleased when I tried the 1.00preX series, with all the new
utilities and daemons.
I found out that the ifupdown in busybox does not behave exaclty like
the debian version. Then the pre-up script fails, the interface is
getting up. Also when the post-up script fails the return value is
ignored. Actually everything is always run and the return value is
always true. I looked at the original implementation from debian and
fixed the busybox version to do the same. A patch is attached if anyone
is interested.
archive_xread can be replaced with bb_full_read, and archive_copy_file
with bb_copyfd*
bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof,
they share a common backend.
I noticed a problem with ifconfig in busybox 0.60.5. The matching code
seems to exist in busybox CVS as well, so I'll paste in the patch that
fixed it.
I was running:
# ifconfig wan0 1.2.3.4 pointopoint 1.2.3.5 netmask 255.255.255.255
I was seeing the inet addr and P-t-P addr both being set to 1.2.3.5
(the pointopoint address).
wan0 Link encap:Point-Point Protocol
inet addr:1.2.3.5 P-t-P:1.2.3.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
...
The patch below seems to fix it.
hello
i had some trouble with the filedescriptor in udhcp.
Two things happened on my device:
1.) broken or not connected cable (no dhcp-server)
2.) daemonizing (starting with option -b)
i got a filedescriptor fd=0 from function raw_socket,
after daemonizing (daemon call) the fd is closed.
Client can't recieve data's anymore.
i fixed this problem (like pidfile handling):
in order to fix the problems with round robin DNS reported
by Andrew Flegg:
http://busybox.net/lists/busybox/2003-October/009579.html
This removes the ipv6 specific xconnect dns lookups. I do
not see why that would need to be special cased for ipv6 as
was done, but that will just have to be tested.
So IPV6 people -- please test this change!
-Erik
the busybox menuconfig triggered my "inacceptable number of spelling mistakes"
upper level, so I decided to make a patch ;-)
I also improved some wording to describe some things in a better way.
Many thanks for an incredible piece of software!
Andreas Mohr, random OSS developer
- env vars CONTENT_TYPE, CONTENT_LENGTH, HTTPD_REFERER, REMOTE_USER and
AUTH_TYPE(Basic always).
- POST data pipied now (previous version have loading into memory may be
big size data and reducing with hardcoded limit)
- removed $CGI_foo environment variables, else my have rubbish
enviroment if POST data have big binary file
- Can`t use 255.255.255.255 address
- typo: double check for valid ip address and uncheck for valid mask
httpd unseted SERVER_PORT (my bug from last_patch111).
last_patch_112 from Vladimir N. Oleynik
On Thu, 2003-09-11 at 01:09, Glenn McGrath wrote:
> Applied
Thanks. Unfortunately there was one small bug in that last patch.
Could you apply this one as well?
p.
Busybox`s httpd have the defect (from born):
ip 1.2.3.1 have true comparing also with
1.2.3.10-1.2.3.19 and 1.2.3.100-1.2.3.199.
Last patch removed this bug and added feature:
allow/deny rule can support network/netmask
example: 1.2.3.0/255.255.255.128
or
network/mask_bits
example: 1.2.3.0/25
now; old format
1
1.2
1.2.3
1.2.3.4
too support and converted to
1/8 1.2/16 1.2.3/24 1.2.3.4/32
automaticaly.
Also, current CVS have small problem: ignores
A:IP, (loses 'A', 'a' only work). Corrected.
of netmasks. It also fixes the parameters for network and netmask to match
that of the official Red Hat version (-n for network and -m for netmask).
Patch by Joshua Jackson
the arguments it consumed, which means the calling function encountered
them as well. As a result, a command like "ip -6 addr" was yielding a usage
error." - Philip Blundell
response sent in chunked transfer encoding, the code path to
resubmit the request to the redirected URL forgets to reset
got_clen and chunked variables in the loop. If the redirected
URL does not use chunked transfer encoding, this causes the code
that slurps the body of the response to incorrectly try to parse
out the chunk length which does not exist." - junkio@
----------------------------------------------------------------------
always told to read sizeof(buf). This waits until the underlying
fread() to time-out for the last part of the downloaded body. Fix
this by sending the number of remaining bytes to read when known." -
junkio@
I reworked the logic in his patch
The attached patch adds "mtu" and "hwaddress" to the inet6 method and
"mtu", "hwaddr" and "pointopoint" to the inet4 method (just like in
the ifupdown part).
Note: "hwaddress" can't be used with the busybox ip applet (this
function isn't implemented in bb ip yet), but it can be of use with
an external "full blown" ip package.
The patch also removes "label" from the loopback configuration,
labels (subinterfaces) aren't used with loopback interfaces.
It further solves a problem in the bootp method, "ifconfig down
%interface%" should be "ifconfig %interface% down" and it's now also
possible to use ip with bootp.
The patch is fully tested with both busybox ip and "stand-alone" ip
and I didn't saw any problems.
The recent changes in ifupdown where all calls to 'ip link set' and
'ip addr set' are swapped give some problems with v4tunnels.
For plain ipv4 and ipv6 interfaces it works correct, other methods
not tried. The patch below change the behaviour back for v4tunnels
only.
Without the patch the following errors are shown:
RTNETLINK answers: Network is down
RTNETLINK answers: No route to host
and the tunnel is not fully brought up
With this patch all works as expected.
this patch fixes run_parts when it's called by ifupdown. 1) argv has to be a
NULL terminated char* array, not just a string. 2) run_parts now explicitly
sets the environment. this environment is populated from the
/etc/network/interfaces config file and is needed by the scripts in
/etc/network/if-pre-up.d/. when run-parts is called from the command line the
environment is taken from the current process.
Vladimir Oleynik then wrote:
You can simplify this if use:
+ bb_xasprintf(&buf[0], "/etc/network/if-%s.d", opt);
+ buf[1] = NULL;
+
+ run_parts(&buf, 2, environ);
+ free(buf[0]);
--w
vodz
Hi.
Last patch have new libbb function
vfork_rexec() for can use daemon() to uClinux system.
This patched daemons: syslog, klogd, inetd, crond.
This not tested! I havn`t this systems.
Also. Previous patch for feature request MD5 crypt password for
httpd don`t sended to this mailist on 07/15/03
(mailist have Pytom module problem?).
The previous patch included, and have testing.
--w
vodz
Hello all,
This patch adds more "Help" text to the config system. Almost
all applets now have a help entry. Also, I cleaned up the spacing of
the existing text so that things are consistent. This patch is against
this morning's CVS.
Thomas Cameron
CEI Systems, Inc.
This patch fixes endian problems with get_netmask(). I don't know if
this is the cleanest solution, but it makes 'ipcalc -n' work on both
an i386 system and a ppc system.
Erik, et al.
The attached patch makes the following changes to networking/ifupdown.c:
(1) It swaps all calls to 'ip link set' and 'ip addr set'. This solves
two problems:
(a) Calling 'ip link set <dev> up' before assigning an address
generates an error message, and
(b) Under User Mode Linux, running in with ethernet interfaces
in daemon mode, the MAC address for an interface is selected
based on the IP address assigned to that interface. If the
interface is brought up before being assigned an IP address,
it gets a null MAC.
(2) It further cleans up run_mapping().
This patch is against ifupdown.c revision 1.25.
-- Lars
Hello, I think the test for an unconfigured httpd is wrong in
the CVS (busybox-unstable-20030620.tar.bz2)
flg_deny_all is default 0
vodz then wrote:
Oops. You are right.
Also, this mistake haved from two place.
Last patch rewroted to my new get_ularg() function for overcompensate size
from this error found ;-)
I'm building BusyBox using a development kit for MontaVista Hardhat Linux
(PPC) -- which, at least in this instance, is based around kernel 2.2.14.
I've had to massage a few files in networking/libiproute/ to make it
compile. Specifically:
(1) Added a #include <sys/uio.h> for the iovec structure in
libnetlink.c,
(2) Put ifdefs in ll_types.c and ll_proto.c around various
constants (ETH_P_xxx and ARPHRD_xxx) that weren't defined,
(3) Make do_changename() in iplink.c require a kernel >=
2.4.0 -- the ifr structure in my environment doesn't
have the ifr_name attribute. I've assumed this is
a kernel dependency -- let me know if I ought to be
checking something else.
In the absence of the correct kernel, do_changename()
always returns 0.
Attached is a patch against the current CVS that will make these changes.
-- Lars