Commit Graph

523 Commits

Author SHA1 Message Date
Eric Andersen
52499cb9ae Tito writes:
Hi,
I've spent half the night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a non-intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potential buffer overflows
2) fixes all occurrences of these function calls in tar.c, id.c, ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
     false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
     The value I used (32 chars) was taken from the tar header (see gname and uname).
     Maybe these buffers can be reduced a bit (to 16 or whatever), this is up to you.
6) The increase of size of the binary is not so dramatic:
     size busybox
       text    data     bss     dec     hex filename
     239568    2300   36816  278684   4409c busybox
    size busybox_fixed
       text    data     bss     dec     hex filename
     239616    2300   36816  278732   440cc busybox
7) The behaviour of whoami changed:
    actually it prints out a username cut down to the size of the buffer.
    This could be fixed by increasing the size of the buffer as in id.c or
    avoid the use of my_getpwuid and use getpwuid directly instead.
    Maybe this could also remain unchanged......

Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
2004-08-26 22:18:59 +00:00
Eric Andersen
4f807a84c5 BusyBox has no business hard coding the number of major and minor bits for a
dev_t.  This is especially important now that the user space concept of a dev_t
and the kernel concept of a dev_t are divergant.  The only bit of user space
allowed to know the number of major and minor bits is include/sys/sysmacros.h
(i.e. part of libc).  When used with a current C library and a 2.6.x kernel,
this fix should allow BusyBox to support wide device major/minor numbers.
 -Erik
2004-07-26 09:11:12 +00:00
Glenn L McGrath
a88ae491e3 Fixup -T (--files-from) option, works for non-directories now 2004-07-21 09:00:39 +00:00
Glenn L McGrath
f34b0e996b Update reference for zip format 2004-06-06 10:22:43 +00:00
Eric Andersen
aaff79a8dd Steve Grubb writes:
Hello,

I found and patched 2 more bugs. The first is a misplaced semi-colon. The second
one is a buffer overflow. I doubt the buffer overflow is triggered in real life.
But you never know what those wily hackers are up to.

Thanks,
Steve Grubb
2004-05-05 10:37:49 +00:00
Glenn L McGrath
faa3546fd7 Fix symlink handling and small memory leak 2004-04-29 09:24:19 +00:00
Glenn L McGrath
c6992feee3 Update my email address, document some of my tasks in the AUTHORS file 2004-04-25 05:11:19 +00:00
Eric Andersen
aff114c33d Larry Doolittle writes:
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.

Erik - please apply.

Authors - please check that I didn't corrupt any meaning.

Package importers - see if any of these changes should be
passed to the upstream authors.

I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.

What is "pretect redefined for test" in cmdedit.c?

Good luck on the 1.00 release!

      - Larry
2004-04-14 17:51:38 +00:00
Glenn L McGrath
958ac18d4e Add a comment explaining why we have to check for an extra \n 2004-04-09 06:59:05 +00:00
Eric Andersen
762c64fdf1 rename uncompress.c to decompress_uncompress.c
rename unzip.c to decompress_unzip.c
2004-04-05 13:03:34 +00:00
Eric Andersen
8ee2b27f0c Add missing include files 2004-03-27 11:26:32 +00:00
Eric Andersen
70060d25d2 s/fileno\(stdin\)/STDIN_FILENO/g
s/fileno\(stdout\)/STDOUT_FILENO/g
2004-03-27 10:02:48 +00:00
Eric Andersen
c7bda1ce65 Remove trailing whitespace. Update copyright to include 2004. 2004-03-15 08:29:22 +00:00
Glenn L McGrath
10b781345f Fix option handling, -i or -t must be given, if both ignore the -t.
Use bb_getopt_ulflags.
2004-02-25 09:30:06 +00:00
Glenn L McGrath
15c3512614 Sometimes I get carried away with the use of function pointers, I'm sure
it seemed like a good idea at the time.
2004-02-21 09:20:56 +00:00
Glenn L McGrath
916ba53f1a Fix up hard links 2004-02-20 02:34:42 +00:00
Glenn L McGrath
c9f1fce9bb A strict interpretation of the ustar format requires the type flag to be
interpreted, we cannot depend on the file type being set in the mode
field.
2004-02-20 02:25:18 +00:00
Glenn L McGrath
b0e163a93b Add extra comments, freakout if a pax archive is encountered. 2004-02-19 08:48:30 +00:00
Glenn L McGrath
a8f756fc7f Remove debugging 2004-02-17 12:04:13 +00:00
Glenn L McGrath
6aa52234e8 Don't strip trailing '/' until _after_ I test to see if it's there! 2004-02-17 11:55:06 +00:00
Eric Andersen
dfcb5b0412 s/u_int/uint/g 2004-01-30 22:54:20 +00:00
Glenn L McGrath
303e989a11 Add the -h, --dereference option for archive creation. 2004-01-25 05:48:28 +00:00
Glenn L McGrath
b03be7f567 Patch from Arthur Othieno, clarify common options between dpkg and dpkg-deb 2004-01-17 03:24:05 +00:00
Glenn L McGrath
1f28b90a9c Use bb_getopt_ulflags, save 100 bytes and strict argument checking. 2004-01-07 09:24:06 +00:00
Glenn L McGrath
ab7780655b Use bb_getopt_ulflags, save 150 bytes. 2004-01-05 12:35:05 +00:00
Glenn L McGrath
6cb3bc056c Use bb_getopt_ulflags, simplify some logic, saves some bytes. 2004-01-05 11:49:55 +00:00
Glenn L McGrath
08ca752c68 Fix usage with libraries, skip symbol table. 2004-01-04 11:06:34 +00:00
Glenn L McGrath
930453bdcf Use bb_getopt_ulflags, saves some space, better argument checking.
Remove ar specific extraction code, always use common extraction code.
2004-01-04 10:28:22 +00:00
Glenn L McGrath
ce91c8ac2b Isolate code better for unused options, config option to enable long
options, add some conditions to the tar tests in testsuite.
2003-12-26 14:01:37 +00:00
Glenn L McGrath
334dc65c92 Fix a bug of mine where extracting files to stdout would extract too
much, modified patch from Bastian Blank
2003-12-22 21:02:41 +00:00
Eric Andersen
67ff3a1ffd Don't hose up perms for files that happen to have symlinks
in the tarball that point to them.
 -Erik
2003-12-21 08:59:24 +00:00
Glenn L McGrath
142abc18ce Fix a compile error when only using ar, patch by Paul van Gool 2003-12-05 02:51:21 +00:00
Glenn L McGrath
b8c3a54531 Patch from Ian Campbell, fix or'ed dependencies and handle virtual
dependencies.
2003-11-28 22:38:14 +00:00
Glenn L McGrath
e39ee01821 Fix tar hard links 2003-11-27 00:01:43 +00:00
Glenn L McGrath
fea4b446df Important bugfixes from Ian Campbell.
init_archive_deb_data()
        We want to filter for data.tar.* in the AR file not the TAR
        file, else we get nothing.

all_control_list()
        Make the 'extensions' array of control file names a global so it
        can be used in unpack_package as well. Name the global
        all_control_files. Don't hard code the length of
        all_control_files but instead use sizeof.

unpack_package()
        Only unpack the control files we are interested in (from
        all_control_files). Extract the data.tar.gz into / rather than
        the current directory.

dpkg_main()
        Configure packages in a second pass so all the packages being
        installed are unpacked before configuring.

Some purely cosmetic changes:

header
        update list of differences since two of them are no longer true.
        The .control file is no longer stored as a result of this patch
        -- it was redundant since the info is in status. New packages
        appear to be added to the end of the status file now rather than
        the start.

remove_package()
        Make message printing optional, so we can avoid a redundant
        message when replacing/upgrading a package. When we do print
        stuff then include the version number.

purge_package()
        Print "Purging xxx (yyy) ..." message like the other actions.

configure_package()
        Add "..." to "Setting up" message to be consistent with other
        actions.
2003-11-26 21:53:37 +00:00
Glenn L McGrath
7ffe133864 As we no longer use function pointers for read in common archiving code
archive_xread can be replaced with bb_full_read, and archive_copy_file
with bb_copyfd*
bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof,
they share a common backend.
2003-11-21 22:24:57 +00:00
Glenn L McGrath
1a2d75fd72 Use safe read 2003-11-21 22:17:28 +00:00
Glenn L McGrath
2cd1eb16ad Remove unused function 2003-11-20 22:36:57 +00:00
Glenn L McGrath
e857122c97 Fix tar-handles-nested-exclude testcase 2003-11-20 10:47:06 +00:00
Glenn L McGrath
bebc40b406 Check at least one context is specified 2003-11-20 09:53:31 +00:00
Glenn L McGrath
ba49651de9 Check there are files to add the archive before removing a specified
tar file.
2003-11-20 09:06:10 +00:00
Glenn L McGrath
90c9df93f3 Don't attempt to unlink directories 2003-11-20 08:00:38 +00:00
Glenn L McGrath
56f16b42c9 tar -Z, uncompress support 2003-11-18 21:37:52 +00:00
Glenn L McGrath
20872be9a4 Don't close original file handle, we may need it later. 2003-11-18 21:31:19 +00:00
Glenn L McGrath
3b9fc8fe2a Make unlink old files default behaviour and add a new option -k to
prevent overwriting existing files
2003-11-18 20:23:04 +00:00
Glenn L McGrath
f074afc2a0 Don't free filename, it's needed in the extracted files list. 2003-11-17 21:58:00 +00:00
Glenn L McGrath
8dc8cb133c Fix a bug where cpio wouldn't work unless -u was specified 2003-11-15 23:44:31 +00:00
Glenn L McGrath
5699b8525e Move from read_gz to the pipe()+fork() method.
open_transformer(), common code for pipe+fork.
Function pointer for read() no longer needed.
Allow inflate to be initialised with a specified buffer size to avoid
over-reading.
Reset static variables in inflate_get_next_window to fix a bug where
only the first file in a .zip would be extracted.
2003-11-15 23:19:05 +00:00
Glenn L McGrath
54ac057c00 Fix memory leaks 2003-11-15 00:24:43 +00:00
Glenn L McGrath
e57feeb9e6 Keep trying to find a good header, if we exit it will cause .tar.gz
files to compute incorrect crc and length for gzip
2003-11-14 12:57:14 +00:00