[BusyBox] busybox and libsafe

Matt Kraai kraai at alumni.carnegiemellon.edu
Thu Oct 12 19:19:49 UTC 2000


Howdy,

The section of code libsafe is complaining about is broken.  It copies
input from the user into a fixed size buffer without checking that the
buffer is large enough.  The attached patch rewrites this section to
eliminate the use of the fixed size buffer.  If you could please test it
and let me know what the results are, I'll try to find someone to commit
it for me.

Matt
-------------- next part --------------
--- ls.c.orig	Thu Oct 12 12:15:53 2000
+++ ls.c	Thu Oct 12 12:15:46 2000
@@ -450,45 +450,41 @@
 	struct dnode *dn, *cur, **dnp;
 	struct dirent *entry;
 	DIR *dir;
-	char *fnend, fullname[BUFSIZ+1] ;
 	int i, nfiles;
 
 	if (path==NULL) return(NULL);
-	strcpy(fullname, path);
-	fnend = fullname + strlen(fullname);
-	if (fnend[-1] != '/') {
-		strcat(fullname, "/");
-		fnend++;
-	}
 
 	dn= NULL;
 	nfiles= 0;
-	dir = opendir(fullname);
+	dir = opendir(path);
 	if (dir == NULL) {
-		errorMsg("%s: %s\n", fullname, strerror(errno));
+		errorMsg("%s: %s\n", path, strerror(errno));
 		return(NULL);	/* could not open the dir */
 	}
 	while ((entry = readdir(dir)) != NULL) {
 		/* are we going to list the file- it may be . or .. or a hidden file */
-		strcpy(fnend, entry->d_name);
-		if ((strcmp(fnend, ".")==0) && !(disp_opts & DISP_DOT)) continue;
-		if ((strcmp(fnend, "..")==0) && !(disp_opts & DISP_DOT)) continue;
-		if ((fnend[0] ==  '.') && !(disp_opts & DISP_HIDDEN)) continue;
+		if ((strcmp(entry->d_name, ".")==0) && !(disp_opts & DISP_DOT)) continue;
+		if ((strcmp(entry->d_name, "..")==0) && !(disp_opts & DISP_DOT)) continue;
+		if ((entry->d_name[0] ==  '.') && !(disp_opts & DISP_HIDDEN)) continue;
 		cur= (struct dnode *)xmalloc(sizeof(struct dnode));
-		cur->fullname= xstrdup(fullname);
-		cur->name= cur->fullname + (int)(fnend - fullname) ;
+		cur->fullname = xmalloc(strlen(path)+1+strlen(entry->d_dname)+1);
+		strcpy(cur->fullname, path);
+		if (cur->fullname[strlen(cur->fullname)-1] != '/')
+			strcat(cur->fullname, "/");
+		cur->name= cur->fullname + strlen(cur->fullname);
+		strcat(cur->fullname, entry->d_name);
 #ifdef BB_FEATURE_LS_FOLLOWLINKS
 		if (follow_links == TRUE) {
-			if (stat(fullname, &cur->dstat)) {
-				errorMsg("%s: %s\n", fullname, strerror(errno));
+			if (stat(cur->fullname, &cur->dstat)) {
+				errorMsg("%s: %s\n", cur->fullname, strerror(errno));
 				free(cur->fullname);
 				free(cur);
 				continue;
 			}
 		} else
 #endif
-		if (lstat(fullname, &cur->dstat)) {   /* get file stat info into node */
-			errorMsg("%s: %s\n", fullname, strerror(errno));
+		if (lstat(cur->fullname, &cur->dstat)) {   /* get file stat info into node */
+			errorMsg("%s: %s\n", cur->fullname, strerror(errno));
 			free(cur->fullname);
 			free(cur);
 			continue;
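Review bot: `entry->d_dname` in the added `xmalloc` size expression looks like a typo for `entry->d_name`. The standard `struct dirent` has no `d_dname` member, so the new side should not compile as posted; the line should read `cur->fullname = xmalloc(strlen(path)+1+strlen(entry->d_name)+1);`. With that corrected, the allocation covers the path, the optional separator, the entry name and the terminating NUL, so the `strcpy`/`strcat` calls that follow stay inside the buffer. Because those copies are themselves unbounded, a comment above the allocation such as `/* path + optional '/' + d_name + NUL */` would keep the sizing auditable if the concatenation is changed later. The enclosing function starts before the hunk and continues past it.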

