[BusyBox] busybox and libsafe
Matt Kraai
kraai at alumni.carnegiemellon.edu
Thu Oct 12 19:19:49 UTC 2000
Howdy,
The section of code libsafe is complaining about is broken. It copies
input from the user into a fixed size buffer without checking that the
buffer is large enough. The attached patch rewrites this section to
eliminate the use of the fixed size buffer. If you could please test it
and let me know what the results are, I'll try to find someone to commit
it for me.
Matt
-------------- next part --------------
--- ls.c.orig Thu Oct 12 12:15:53 2000
+++ ls.c Thu Oct 12 12:15:46 2000
@@ -450,45 +450,41 @@
struct dnode *dn, *cur, **dnp;
struct dirent *entry;
DIR *dir;
- char *fnend, fullname[BUFSIZ+1] ;
int i, nfiles;
if (path==NULL) return(NULL);
- strcpy(fullname, path);
- fnend = fullname + strlen(fullname);
- if (fnend[-1] != '/') {
- strcat(fullname, "/");
- fnend++;
- }
dn= NULL;
nfiles= 0;
- dir = opendir(fullname);
+ dir = opendir(path);
if (dir == NULL) {
- errorMsg("%s: %s\n", fullname, strerror(errno));
+ errorMsg("%s: %s\n", path, strerror(errno));
return(NULL); /* could not open the dir */
}
while ((entry = readdir(dir)) != NULL) {
/* are we going to list the file- it may be . or .. or a hidden file */
- strcpy(fnend, entry->d_name);
- if ((strcmp(fnend, ".")==0) && !(disp_opts & DISP_DOT)) continue;
- if ((strcmp(fnend, "..")==0) && !(disp_opts & DISP_DOT)) continue;
- if ((fnend[0] == '.') && !(disp_opts & DISP_HIDDEN)) continue;
+ if ((strcmp(entry->d_name, ".")==0) && !(disp_opts & DISP_DOT)) continue;
+ if ((strcmp(entry->d_name, "..")==0) && !(disp_opts & DISP_DOT)) continue;
+ if ((entry->d_name[0] == '.') && !(disp_opts & DISP_HIDDEN)) continue;
cur= (struct dnode *)xmalloc(sizeof(struct dnode));
- cur->fullname= xstrdup(fullname);
- cur->name= cur->fullname + (int)(fnend - fullname) ;
+ cur->fullname = xmalloc(strlen(path)+1+strlen(entry->d_dname)+1);
+ strcpy(cur->fullname, path);
+ if (cur->fullname[strlen(cur->fullname)-1] != '/')
+ strcat(cur->fullname, "/");
+ cur->name= cur->fullname + strlen(cur->fullname);
+ strcat(cur->fullname, entry->d_name);
#ifdef BB_FEATURE_LS_FOLLOWLINKS
if (follow_links == TRUE) {
- if (stat(fullname, &cur->dstat)) {
- errorMsg("%s: %s\n", fullname, strerror(errno));
+ if (stat(cur->fullname, &cur->dstat)) {
+ errorMsg("%s: %s\n", cur->fullname, strerror(errno));
free(cur->fullname);
free(cur);
continue;
}
} else
#endif
- if (lstat(fullname, &cur->dstat)) { /* get file stat info into node */
- errorMsg("%s: %s\n", fullname, strerror(errno));
+ if (lstat(cur->fullname, &cur->dstat)) { /* get file stat info into node */
+ errorMsg("%s: %s\n", cur->fullname, strerror(errno));
free(cur->fullname);
free(cur);
continue;
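Review bot: The added allocation line reads `entry->d_dname`, which is not a member of `struct dirent`, so the new code will not compile as posted; it should be `cur->fullname = xmalloc(strlen(path)+1+strlen(entry->d_name)+1);`. With the name corrected, the size expression covers the path, the optional '/', the entry name and the terminating NUL, so the strcpy/strcat sequence that follows stays inside the allocation. Because that safety depends on the size expression and the copy sequence staying in step, a comment above the allocation such as `/* path + optional '/' + d_name + NUL */` would help the next editor keep them matched. The enclosing function starts and ends outside the hunk.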