Commit Graph

40 Commits

Author SHA1 Message Date
Eric Andersen
52499cb9ae Tito writes:
Hi,
I've spent the half night staring at the devilish  my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've  found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and  logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
     false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
     The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
     Maybe this buffers can be reduced a bit  ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
     size busybox
       text    data     bss     dec     hex filename
     239568    2300   36816  278684   4409c busybox
    size busybox_fixed
       text    data     bss     dec     hex filename
     239616    2300   36816  278732   440cc busybox
7) The behaviour of whoami changed:
    actually it  prints out an username cut down to the size of the buffer.
    This could be fixed by increasing the size of the buffer as in id.c or
    avoid the use of my_getpwuid and use getpwuid directly instead.
    Maybe this colud be also remain unchanged......

Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
2004-08-26 22:18:59 +00:00
Eric Andersen
c7bda1ce65 Remove trailing whitespace. Update copyright to include 2004. 2004-03-15 08:29:22 +00:00
Eric Andersen
cb81e6484d Update a bunch of docs. Run a script to update my email addr. 2003-07-14 21:21:08 +00:00
Manuel Novoa III
cad5364599 Major coreutils update. 2003-03-19 09:13:01 +00:00
Glenn L McGrath
907a240b1c last_patch57 from Vladimir N. Oleynik 2002-11-10 21:33:28 +00:00
Eric Andersen
02e6ba91e8 Vodz' last_patch57:
Hi, Erik.

    my_getpw(uid/gid) and applets used it have problem:
    if username for uid not found, applets can`t detect it
    (but code pessent). Also "%8ld " format is bad:
    spaces not required (applets have self format
    or spec format (tar applet) and overflow for "id" applet...)
    This problem also pressent in stable version.
    Patch for unstable in attach.

    --w
    vodz
2002-09-30 20:39:56 +00:00
Eric Andersen
bdfd0d78bc Major rework of the directory structure and the entire build system.
-Erik
2001-10-24 05:00:29 +00:00
Eric Andersen
8d79ce8320 Some patches to make dietlibc work... 2001-07-22 23:00:15 +00:00
Eric Andersen
20aab260e2 Some adjustments, mostly from David McCullough <davidm@lineo.com> to
make busybox be more uClinux friendly.  I also adjusted Config.h for
uClinux so it will automagically disable apps the arn't going to
work without fork() and such.
 -Erik
2001-07-19 22:28:02 +00:00
Mark Whitley
6317c4baf7 Applied patch from Gennady Feldman to split up syslogd.c into syslogd and
klogd (as it should be).
2001-03-12 22:51:50 +00:00
Eric Andersen
cbe31dace5 It turns out that DODMALLOC was broken when I reorganized busybox.h
header file usage before the 0.49 release.  To fix it, I had to move
the '#include "busybox.h"' to the end of the list of #include files.
 -Erik
2001-02-20 06:14:08 +00:00
Eric Andersen
67991cf824 This patch, put together by Manuel Novoa III, is a merge of work
done by Evin Robertson (bug#1105) and work from Manuel to make
usage messages occupy less space and simplify how usage messages
are displayed.
2001-02-14 21:23:06 +00:00
Matt Kraai
dd19c69904 Removed trailing \n from error_msg{,_and_die} messages. 2001-01-31 19:00:21 +00:00
Eric Andersen
8ec10a9483 Fix up copyright msgs. Bump version to 0.49 in preparation for
a release.  Update the website with release details.
 -Erik
2001-01-27 09:33:39 +00:00
Eric Andersen
ed3ef50c23 Fix header file usage -- there were many unnecessary header files included in
busybox.h which slowed compiles.  I left only what was needed and then fixed up
all the apps to include their own header files.  I also fixed naming for pwd.h
and grp.h functions.  Tested to compile and run with libc5, glibc, and uClibc.
 -Erik
2001-01-27 08:24:39 +00:00
Eric Andersen
5e8b3ea19d Logger forgot to NULL terminate strings from stdin. 2001-01-03 00:06:46 +00:00
Matt Kraai
1944f547bd Log stdin when no message given and use getopt. 2001-01-02 18:13:58 +00:00
Eric Andersen
d323d32c5b Patch from larry doolittle to make sure we don't realloc
a pointer that was not yet malloced mem.
2000-12-11 20:29:13 +00:00
Eric Andersen
afdde3e356 Some little cleanups from Larry Doolittle 2000-12-09 16:41:42 +00:00
Eric Andersen
9cff4fbac9 Patch from Matt Kraai to make logger log all arguments. 2000-12-08 19:35:51 +00:00
Mark Whitley
f57c944e09 Changed names of functions in utility.c and all affected files, to make
compliant with the style guide. Everybody rebuild your tags file!
2000-12-07 19:56:48 +00:00
Matt Kraai
7b5c16ebe5 Fix by Tim Robbins <fyre@box3n.gumbynet.org> to prevent bad format
strings from being passed to syslog(3).
2000-12-07 16:22:04 +00:00
Eric Andersen
4e573f4729 Remove the BSD advertising clause, and replace it with a link to how
the advertising clause has been retroactivly declared null and void.
2000-11-14 23:29:24 +00:00
Matt Kraai
3180413e76 Clean up error handling and uses of TRUE/FALSE. 2000-10-25 16:40:21 +00:00
Eric Andersen
3570a34de4 Renamed "internal.h" to the more sensible "busybox.h".
-Erik
2000-09-25 21:45:58 +00:00
Eric Andersen
88f50b6bf5 Some #include updates.
-Erik
2000-08-10 17:59:11 +00:00
Matt Kraai
bf181b9338 Extract usage information into a separate file. 2000-07-16 20:57:15 +00:00
Pavel Roskin
df4532bfa3 More fixes for "signed vs. unsigned" warnings. 2000-07-14 17:24:58 +00:00
Matt Kraai
d537a95fdb Use errorMsg rather than fprintf. 2000-07-14 01:51:25 +00:00
Eric Andersen
b610615be9 Updates to a number of apps to remove warnings/compile errors under libc5.
Tested under both libc5 and libc6 and all seems well with these fixes.
 -Erik
2000-06-19 17:25:40 +00:00
Erik Andersen
7ab9c7ee52 Lots of updates. Finished implementing BB_FEATURE_TRIVIAL_HELP
which lets you compile out most of the "--help" output, saving
up to 17k.

Renamed mnc to nc.
 -Erik
2000-05-12 19:41:47 +00:00
Erik Andersen
61677feff7 Upates to include copyright 2000 to everything
-Erik
2000-04-13 01:18:56 +00:00
Erik Andersen
e49d5ecbbe Some formatting updates (ran the code through indent)
-Erik
2000-02-08 19:58:47 +00:00
Erik Andersen
04e97024e7 Clear up some ambiguity with old style assignments.
-Erik
2000-01-29 07:06:24 +00:00
Erik Andersen
de552874d2 Some busybox updates. You no longer _have_ to put a "-" in front of tar
options, logger is better behaved and has a "-t" option now.  init now supports
the kernel chroot patch, so you can chroot to a new device and umount the old
root.
 -Erik
2000-01-23 01:34:05 +00:00
Erik Andersen
9a9a261569 Fix a logger bug.
-Erik
2000-01-09 06:49:08 +00:00
Erik Andersen
286b0de74d Trivial type fix.
-Erik
2000-01-07 09:43:38 +00:00
Erik Andersen
1c5b2589d1 Fix bugs in logger and syslogd. Add fbset.
-Erik
1999-12-16 20:59:36 +00:00
Eric Andersen
befda6e4ed Stuf 1999-11-25 08:06:22 +00:00
Eric Andersen
3843e96252 Stuf 1999-11-25 07:30:46 +00:00