Commit Graph

10 Commits

Author SHA1 Message Date
Glenn L McGrath
f15dfc5570 Tito writes,
"This patch fixes all the bugs in id previously spotted by vodz and me.
The binary size increased a bit,  but now it should work as expected."
2004-09-15 03:04:08 +00:00
Eric Andersen
7eb79fff10 Tito writes:
Hi Erik,
Hi to all,
This is part five of the my_get*id story.
I've tweaked a bit this two functions to make them more flexible,
but this changes will not affect existing code.
Now they work so:
1) my_getpwuid( char *user, uid_t uid, int bufsize)

   if bufsize is > 0 char *user cannot be set to NULL
                     on success username is written on static allocated buffer
                     on failure uid as string is written to buffer and NULL is returned
   if bufsize is = 0 char *user can be set to NULL
                     on success username is returned
                     on failure NULL is returned
   if bufsize is < 0 char *user can be set to NULL
                     on success username is returned
                     on failure an error message is printed and the program exits

  2) 1) my_getgrgid( char *group, uid_t uid, int bufsize)

   if bufsize is > 0 char *group cannot be set to NULL
                     on success groupname is written on static allocated buffer
                     on failure gid as string is written to buffer and NULL is returned
   if bufsize is = 0 char *group can be set to NULL
                     on success groupname is returned
                     on failure NULL is returned
   if bufsize is < 0 char *group can be set to nULL
                     on success groupname is returned
                     on failure an error message is printed and the program exits

This changes were needed mainly for my new id applet.
It is somewhat bigger then the previous but matches the behaviour of GNU id
and is capable to handle usernames of whatever length.
BTW: at a first look it seems to me that it will integrate well (with just a few changes)
with the pending patch  in patches/id_groups_alias.patch.
The increase in size is balanced by the removal of my_getpwnamegid.c
from libbb as this was used only in previous id applet and by size optimizations
made possible in whoami.c and in passwd.c.
I know that we are in feature freeze but I think that i've tested it enough
(at least I hope so.......).
2004-09-02 22:21:41 +00:00
Eric Andersen
52499cb9ae Tito writes:
Hi,
I've spent the half night staring at the devilish  my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've  found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and  logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
     false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
     The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
     Maybe this buffers can be reduced a bit  ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
     size busybox
       text    data     bss     dec     hex filename
     239568    2300   36816  278684   4409c busybox
    size busybox_fixed
       text    data     bss     dec     hex filename
     239616    2300   36816  278732   440cc busybox
7) The behaviour of whoami changed:
    actually it  prints out an username cut down to the size of the buffer.
    This could be fixed by increasing the size of the buffer as in id.c or
    avoid the use of my_getpwuid and use getpwuid directly instead.
    Maybe this colud be also remain unchanged......

Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
2004-08-26 22:18:59 +00:00
Eric Andersen
c7bda1ce65 Remove trailing whitespace. Update copyright to include 2004. 2004-03-15 08:29:22 +00:00
Eric Andersen
cb81e6484d Update a bunch of docs. Run a script to update my email addr. 2003-07-14 21:21:08 +00:00
Eric Andersen
02e6ba91e8 Vodz' last_patch57:
Hi, Erik.

    my_getpw(uid/gid) and applets used it have problem:
    if username for uid not found, applets can`t detect it
    (but code pessent). Also "%8ld " format is bad:
    spaces not required (applets have self format
    or spec format (tar applet) and overflow for "id" applet...)
    This problem also pressent in stable version.
    Patch for unstable in attach.

    --w
    vodz
2002-09-30 20:39:56 +00:00
Eric Andersen
887ca79f04 Scrub pwd.h and grp.h handling so we don't have to play any
silly games.
 -Erik
2002-07-03 23:19:26 +00:00
Robert Griebl
ea1a63a201 Fix for broken handling off BusyBox's own pwd/grp implementations
[Parts of this patch may overlap with my other two patches]
2002-06-04 20:10:23 +00:00
Eric Andersen
bdfd0d78bc Major rework of the directory structure and the entire build system.
-Erik
2001-10-24 05:00:29 +00:00
Eric Andersen
c75586e06d Split libbb/pwd_grp_wrappers.c into 5 different libbb/my_* files.
-Erik
2001-03-19 18:37:42 +00:00