shrink filter_accept_reject_list() a tiny bit while at it.
text data bss dec hex filename
59 0 0 59 3b filter_accept_reject_list.o
62 0 0 62 3e filter_accept_reject_list.o.orig
a failure exit code. delay the error exit until all (good) files
have been extracted.
filesystem errors (nodes of wrong type, permission problems, etc)
still cause immediate failure.
pathological archives.
(Unlikely to have security implications, the only way to trigger it basically
wound up doing memset(dbuf,x,2^31) and triggering an immediate segfault. The
test basically gives us a more polite error message.)
Thanks to Ned Ludd and the Gentoo security guys for finding this.
I have no idea how to apply bb_getopt_complementally to a --longopt that
has no short option. The documentation from vodz has a bad case of
babelfish poisoning, and I can't understand it. It sort of seems to
suggest there is a way, but what it is I have no idea. So I used \n as
the short option, which is fairly unlikely to be used for something else. :)
- new bb_getopt_ulflags features: check max and min args, convert first argv to options special for ar and tar applets
- use bb_default_error_retval for env applet
- more long opt compatibility, can set flag for long opt struct now
- more logic: check opt-depend requires and global requires, special for 'id' and 'start-stop-daemon' applets.
Hi,
I found that gcc in cvs (HEAD in 2005/02/11) reject the gzip source
in the busybox.
This is caused by changing gcc's error handling behavior(
The gcc check the function prototype more strictly).
I show the compilation log as follow:
-- compilation log
-- compilation log
To fix the problem, apply the patch which is attached with this
mail.
Please take a look the patch and apply the patch into svn repository.
Hi!
I've created a patch to busybox' build system to allow building it in
separate tree in a manner similar to kbuild from kernel version 2.6.
That is, one runs command like
'make O=/build/some/where/for/specific/target/and/options'
and everything is built in this exact directory, provided that it exists.
I understand that applyingc such invasive changes during 'release
candidates' stage of development is at best unwise. So, i'm currently
asking for comments about this patch, starting from whether such thing
is needed at all to whether it coded properly.
'make check' should work now, and one make creates Makefile in build
directory, so one can run 'make' in build directory after that.
One possible caveat is that if we build in some directory other than
source one, the source directory should be 'distclean'ed first.
egor
Hi,
I've spent the half night staring at the devilish my_getpwuid and my_getgrgid functions
trying to find out a way to avoid actual and future potential buffer overflow problems
without breaking existing code.
Finally I've found a not intrusive way to do this that surely doesn't break existing code
and fixes a couple of problems too.
The attached patch:
1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial buffer overflows
2) fixes all occurences of this function calls in tar.c , id.c , ls.c, whoami.c, logger.c, libbb.h.
3) The behaviour of tar, ls and logger is unchanged.
4) The behavior of ps with somewhat longer usernames messing up output is fixed.
5) The only bigger change was the increasing of size of the buffers in id.c to avoid
false negatives (unknown user: xxxxxx) with usernames longer than 8 chars.
The value i used ( 32 chars ) was taken from the tar header ( see gname and uname).
Maybe this buffers can be reduced a bit ( to 16 or whatever ), this is up to you.
6) The increase of size of the binary is not so dramatic:
size busybox
text data bss dec hex filename
239568 2300 36816 278684 4409c busybox
size busybox_fixed
text data bss dec hex filename
239616 2300 36816 278732 440cc busybox
7) The behaviour of whoami changed:
actually it prints out an username cut down to the size of the buffer.
This could be fixed by increasing the size of the buffer as in id.c or
avoid the use of my_getpwuid and use getpwuid directly instead.
Maybe this colud be also remain unchanged......
Please apply if you think it is ok to do so.
The diff applies on today's cvs tarball (2004-08-25).
Thanks in advance,
Ciao,
Tito
dev_t. This is especially important now that the user space concept of a dev_t
and the kernel concept of a dev_t are divergant. The only bit of user space
allowed to know the number of major and minor bits is include/sys/sysmacros.h
(i.e. part of libc). When used with a current C library and a 2.6.x kernel,
this fix should allow BusyBox to support wide device major/minor numbers.
-Erik
Hello,
I found and patched 2 more bugs. The first is a misplaced semi-colon. The second
one is a buffer overflow. I doubt the buffer overflow is triggered in real life.
But you never know what those wily hackers are up to.
Thanks,
Steve Grubb
This is a bulk spelling fix patch against busybox-1.00-pre10.
If anyone gets a corrupted copy (and cares), let me know and
I will make alternate arrangements.
Erik - please apply.
Authors - please check that I didn't corrupt any meaning.
Package importers - see if any of these changes should be
passed to the upstream authors.
I glossed over lots of sloppy capitalizations, missing apostrophes,
mixed American/British spellings, and German-style compound words.
What is "pretect redefined for test" in cmdedit.c?
Good luck on the 1.00 release!
- Larry
init_archive_deb_data()
We want to filter for data.tar.* in the AR file not the TAR
file, else we get nothing.
all_control_list()
Make the 'extensions' array of control file names a global so it
can be used in unpack_package as well. Name the global
all_control_files. Don't hard code the length of
all_control_files but instead used sizeof.
unpack_package()
Only unpack the control files we are interested in (from
all_control_files). Extract the data.tar.gz into / rather than
the current directory.
dpkg_main()
Configure packages in a second pass so all the packages being
installed are unpacked before configuring.
Some purely cosmetic changes:
header
update list of differences since two of them are no longer true.
The .control file is no longer stored as a result of this patch
-- it was redundant since the info is in status. New packages
appear to be added to the end of the status file now rather than
the start.
remove_package()
Make message printing optional, so we can avoid a redundant
message when replacing/upgrading a package. When we do print
stuff then include the version number.
purge_package()
Print "Purging xxx (yyy) ..." message like the other actions.
configure_package()
Add "..." to "Setting up" message to be consistent with other
actions.
archive_xread can be replaced with bb_full_read, and archive_copy_file
with bb_copyfd*
bb_copyfd is split into two functions bb_copyfd_size and bb_copyfd_eof,
they share a common backend.
open_transformer(), common code for pipe+fork.
Function pointer for read() no longer needed.
Allow inflate to be initialised with a specified buffer size to avoid
over-reading.
Reset static variables in inflate_get_next_window to fix a bug where
only the first file in a .zip would be be extracted.