summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2004-08-26Tito writes:Eric Andersen
Hi, I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions trying to find out a way to avoid actual and future potential buffer overflow problems without breaking existing code. Finally I've found a not intrusive way to do this that surely doesn't break existing code and fixes a couple of problems too. The attached patch: 1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows 2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h. 3) The behaviour of tar, ls and logger is unchanged. 4) The behavior of ps with somewhat longer usernames messing up output is fixed. 5) The only bigger change was the increasing of size of the buffers in id.c to avoid false negatives (unknown user: xxxxxx) with usernames longer than 8 chars. The value i used ( 32 chars ) was taken from the tar header ( see gname and uname). Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you. 6) The increase of size of the binary is not so dramatic: size busybox text data bss dec hex filename 239568 2300 36816 278684 4409c busybox size busybox_fixed text data bss dec hex filename 239616 2300 36816 278732 440cc busybox 7) The behaviour of whoami changed: actually it prints out an username cut down to the size of the buffer. This could be fixed by increasing the size of the buffer as in id.c or avoid the use of my_getpwuid and use getpwuid directly instead. Maybe this colud be also remain unchanged...... Please apply if you think it is ok to do so. The diff applies on today's cvs tarball (2004-08-25). Thanks in advance, Ciao, Tito
2004-08-26Felipe Kellermann writes:Eric Andersen
Unfortunatelly I've not followed the last two or three weeks commits (new semester started and so now I rarely have time to fix my personal bridge) but tonight I synched my tree and immediately noticed a rather nasty bug! [Using libbb/interface.c:1.24] # grep eth0 /proc/net/dev | xargs eth0:311708397 237346 1670 0 1789 1670 0 0 22580308 120297 0 0 0 102 0 0 # ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:20:AF:7C:EA:B7 inet addr:10.0.0.1 Bcast:10.0.0.127 Mask:255.255.255.128 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:5 Base address:0x320 All values `ifconfig' is showing are `zeroed' -- I quickly looked at the last commits I missed and noticed that there were a commit relating to ifconfig, libbb/interface.c:1.23->1.24 (PatchSet 4338). I've reversed the patch and now everything is working again. I compared the get_name's return values from the 1.23 and 1.24 and quickly noticed that the new revision is leaving `p' right on the sep while the rev 1.23 was leaving it right on the starting of the values... 1-line, 1/3-minute patch attached :-)
2004-08-25Patch from Manousaridis Angelos to cleanup stale file descriptors, it was ↵Glenn L McGrath
preventing unmounting an initial filesystem.
2004-08-19Patch from Rodney Radford adding x86_64 support.Eric Andersen
2004-08-19regularly update the status line displayEric Andersen
-Erik
2004-08-19Patch from Mike Castle to cleanup some modutils issues, inEric Andersen
particular making alias support work better.
2004-08-19Patch from Tito adding support for '-q'Eric Andersen
2004-08-19Patch from Tito documenting the '-q' optionEric Andersen
2004-08-19Patch from Vladimir N. Oleynik:Eric Andersen
On Wed Aug 18, 2004 at 06:52:57PM +0800, Matt Johnston wrote: > I've come across some strange-seeming behaviour when running programs > under Busybox (1.0.0-rc3) ash. If the child process sets stdin to be > non-blocking and then exits, the parent ash will also exit. A quick strace > shows that a subsequent read() from stdin returns EAGAIN (as would be > expected): Thanks! Patch attached. --w vodz
2004-08-18Fixup 'dc' usageEric Andersen
2004-08-16Prepare for release1_00_rc3Eric Andersen
2004-08-16Bump versionEric Andersen
2004-08-16Only pass modprobe module params with 2.6.x kernel support.Eric Andersen
-Erik
2004-08-16Do not use vfork, as init is not vfork safe. Do not allowEric Andersen
askfirst when mmuless.
2004-08-16Bertrand Baudet writes:Eric Andersen
Looks like the -D and -H options of the adduser applet aren't handle properly in BusyBox. This patch fixes the masks definition for those options according to there position in the optstring. Patch against RC2 but should also apply cleanly against CVS. Bertrand
2004-08-16Joe.C writes:Eric Andersen
This bug is in busybox 1.0.0-rc2. When using lash exec builtin with redirection, the opened file fd keep increasing. For example, please try the following command with lash. ls -al /proc/<lash pid>/fd exec /bin/sh 2>/dev/null ls -al /proc/<lash pid>/fd The last 'ls' command output will look like this. The fd number 4 shouldn't exist. lrwx------ 1 501 100 64 Aug 13 13:56 4 -> /dev/pts/5 l-wx------ 1 501 100 64 Aug 13 13:56 2 -> /dev/null lrwx------ 1 501 100 64 Aug 13 13:56 1 -> /dev/pts/5 lrwx------ 1 501 100 64 Aug 13 13:56 0 -> /dev/pts/5 dr-xr-xr-x 3 501 100 0 Aug 13 13:56 .. dr-x------ 2 501 100 0 Aug 13 13:56 . This one-line patch fix this problem by setting CLOEXEC flag for squirrel fd. Please apply. Joe.C
2004-08-16Use __kernel_old_dev_t for 2.6.x kernelsEric Andersen
2004-08-16Aurelien Jacobs writes:Eric Andersen
with a quick conversion you will see that 132608 == 0x20600 so noticed that the elif will never be matched ! Apparently there was already a try to modify this in CVS which was reverted (it was plain wrong). I don't know when __kernel_old_dev_t is needed, but with a 2.6.7 or a 2.6.8 this is __kernel_dev_t wich is needed. I corrected this with the following patch but maybe older 2.6 still need __kernel_old_dev_t ? I think this should be corrected before 1.0. Thanks Aurel
2004-08-14Christian Ostheimer writes:Eric Andersen
Hello, function build_dep in modprobe.c assumes that dependencies of one module have not more than 255 chars; that is not sufficient in kernel 2.6.7 (alsa sound modules). - Below is a diff that solves the problem for me. With regards, Christian Ostheimer
2004-08-12Patch from solar to fix problems with get_name()Eric Andersen
2004-08-11Set default command to list rather than get, its default behaviour nowGlenn L McGrath
coincides with upstream. Patch from debian diff.
2004-08-11Patch from Mike Castle, dont print an empty line (patch modified by me toGlenn L McGrath
change formatting).
2004-08-11Patch from Tito to fix memory leak upon error.Glenn L McGrath
2004-08-11Patch from Bastian Blank to add 64 bit support to the test command.Glenn L McGrath
Example of broken usage: ./busybox test 2147483648 -gt 2147483648
2004-08-11Patch from Phil Blundellto improve substring matchGlenn L McGrath
2004-08-11Willian Barsse wroteGlenn L McGrath
"There seems to be a slight problem with the "mod_strcmp" function in modprobe.c, it scans for the first occurence of the module name in the "mod_path" variable and expects it to be the last path element. ie /lib/modules/2.4.22-debug/kernel/fs/vfat in my example. The comparison will always fail if mod_path contains another substring matching the module name." Robert McQueen wrote "Although William Barsse's patch fixed mod_strcmp for 2.4 kernels, there was a remaining problem which prevented it from working for me. I've just tracked it down - when you enable kernel 2.6 module support it hard-wired the extension to .ko instead of checking at runtime like the other places where 2.4 differs from 2.6. The attached patch fixes this for me."
2004-08-06Patch from Tito to fix warnings about redifined functionions barrier and likely.Glenn L McGrath
2004-08-06Part of patch from William Barsse, fixes a problem with unescaped %.Glenn L McGrath
2004-08-04Michael Leibow, MichaelLe at belkin.com writes:Eric Andersen
A question was posted a month ago by Mark Alamo to see if others had problems with sourcing subscripts within msh. We asked his firm to fix the msh.c bug he described because we didn't have enough time to do it ourselves. When msh.c is executing a compound statement and there is a . command to source another script file, msh.c will not execute the subscript until it's completed executing the rest of the compound statement. His example was this: Echo "Start" ; . ./subA; echo "mid" ; . ./subB ; echo "end" subA and subB execute AFTER end is printed in reverse order. The same is true if the sourced files are inside an if else fi, case esac, or any compound statement. Attached is a patch to msh.c. It fixes the problem. Cd to the root of your busybox tree and execute "patch -p1 < msh.c.patch" Unfortunately, I won't have more time to work on this so I hope that there aren't any problems! Michael Leibow Senior Software Engineer Belkin Corporation
2004-08-04Run msh through indentEric Andersen
2004-08-03William Barsse writes:Eric Andersen
fixes two other issues (plus the previous as well) with a 2.4 kernel : - should be able to modprobe an already loaded module and get 0 return code : # modprobe <something> && modprobe <something> && echo "ok" || echo "failed" .... failed Well, hope this helps and that I didn't screw up again, - William
2004-08-03Tito, farmatito at tiscali dot it writes:Eric Andersen
Hi to all, This patch is useful for: 1) remove an unused var from extern char *find_real_root_device_name(const char* name) changing it to extern char *find_real_root_device_name(void). 2) fixes include/libbb.h, coreutils/df.c, util-linux/mount.c and util-linux/umount.c accordingly. 3) fixes a bug, really a false positive, in find_real_root_device_name() that happens if in the /dev directory exists a link named root (/dev/root) that should be skipped but is not. This affects applets like df that display wrong results
2004-08-01fixup cut-n-paste problemEric Andersen
2004-07-30Simon Poole reports that awk segfaults when environment variablesEric Andersen
with no value exist, i.e. $ export BOB='' % ./busybox awk Segmentation fault This patch teaches awk to not blow chunks on empty env variables. -Erik
2004-07-30Fix incorrect arguments being passed to mknodEric Andersen
2004-07-30Umm. Not guilty by reason of insanity.Eric Andersen
-Erik
2004-07-30Fixup getty, login, etc so the utmp and wtmp are updated, allowingEric Andersen
the 'who' and 'last' applets among other things to work as expected. -Erik
2004-07-30use SIGTERM to kill off udhcpd, not SIGKILLEric Andersen
2004-07-30Fix up brain damage with the way major and minor are used toEric Andersen
create a dev_t
2004-07-30As noted by Eric Spakman, calling static_down() and then callingEric Andersen
bootp_down() seems redundant, esp since bootp_down was a subset of static_down, so just use that...
2004-07-29Clean up hex escape support.Manuel Novoa III
2004-07-28Thanks to Ken Roberts, fix the slackware urlEric Andersen
2004-07-27Felipe Kellermann noticed a missing `break'.Eric Andersen
2004-07-26document stuff I have doneRobert Griebl
2004-07-26add missing ;1_00_rc2Eric Andersen
2004-07-26bump version to -rc2Eric Andersen
2004-07-26bother. unrevert my fix.Eric Andersen
2004-07-26Prepare for releaseEric Andersen
2004-07-26Allow hex escape sequencesEric Andersen
2004-07-26Make certain that udhcp shuts down the interfaceEric Andersen