[BusyBox] 14 bugs on the wall: squashed

Larry Doolittle ldoolitt at recycle.lbl.gov
Thu Apr 26 15:42:21 UTC 2001


With this patch, I think all of the possible string underruns
are addressed.  The search

$ grep "strlen([^)]*) *- *1" *.c libbb/*.c

still finds 5 instances, but I have traced the logic in each of
those cases, and each time strlen is guaranteed to be greater than
zero.

Our PPC friends should have a more reliable BusyBox now.

       - Larry

diff -urN /home/ldoolitt/cvs/busybox/Makefile busybox-trial/Makefile
--- /home/ldoolitt/cvs/busybox/Makefile	Thu Apr 26 08:00:08 2001
+++ busybox-trial/Makefile	Wed Apr 25 16:00:41 2001
@@ -248,7 +248,7 @@
 recursive_action.c safe_read.c safe_strncpy.c seek_ared_file.c syscalls.c \
 syslog_msg_with_name.c time_string.c trim.c untar.c unzip.c vdprintf.c \
 verror_msg.c vperror_msg.c wfopen.c xfuncs.c xgetcwd.c xregcomp.c interface.c \
-remove_file.c
+remove_file.c last_char_is.c
 LIBBB_OBJS=$(patsubst %.c,$(LIBBB)/%.o, $(LIBBB_CSRC))
 LIBBB_CFLAGS = -I$(LIBBB)
 ifneq ($(strip $(BB_SRC_DIR)),)
diff -urN /home/ldoolitt/cvs/busybox/cut.c busybox-trial/cut.c
--- /home/ldoolitt/cvs/busybox/cut.c	Wed Jan 31 11:00:20 2001
+++ busybox-trial/cut.c	Wed Apr 25 15:46:34 2001
@@ -75,7 +75,7 @@
 	/* handle multi-value cases */
 	else if (nminus == 1) {
 		/* handle 'N-' case */
-		if (list[strlen(list) - 1] == '-') {
+		if (last_char_is(list,'-')) {
 			startpos = strtol(list, &ptr, 10);
 		}
 		/* handle '-M' case */
diff -urN /home/ldoolitt/cvs/busybox/dpkg.c busybox-trial/dpkg.c
--- /home/ldoolitt/cvs/busybox/dpkg.c	Mon Apr 16 08:46:57 2001
+++ busybox-trial/dpkg.c	Wed Apr 25 15:27:23 2001
@@ -583,7 +583,7 @@
 	 */
 	if ((fin = fopen(statusfile, "r")) != NULL) {
 		while (((line = get_line_from_file(fin)) != NULL) && !feof(fin)) { 
-			line[strlen(line) - 1] = '\0'; /* trim newline */
+			chomp(line); /* trim newline */
 			/* If we see a package header, find out if it's a package
 			 * that we have processed. if so, we skip that block for
 			 * now (write it at the end).
diff -urN /home/ldoolitt/cvs/busybox/libbb/last_char_is.c busybox-trial/libbb/last_char_is.c
--- /home/ldoolitt/cvs/busybox/libbb/last_char_is.c	Wed Dec 31 16:00:00 1969
+++ busybox-trial/libbb/last_char_is.c	Wed Apr 25 15:45:27 2001
@@ -0,0 +1,18 @@
+/*
+ * busybox library eXtended funcion
+ *
+ * Find out if the last character of a string matches the one given
+ * Don't underrun the buffer if the string length is 0.
+ * Also avoids a possible space-hogging inline of strlen()
+ * per usage.
+ *
+*/
+
+#include "libbb.h"
+
+int last_char_is(const char *s, const int c)
+{
+	int  l = strlen(s);
+	if (l==0) return 0;
+	return (s[l-1] == c);
+}
diff -urN /home/ldoolitt/cvs/busybox/libbb/libbb.h busybox-trial/libbb/libbb.h
--- /home/ldoolitt/cvs/busybox/libbb/libbb.h	Wed Apr 25 14:21:42 2001
+++ busybox-trial/libbb/libbb.h	Wed Apr 25 15:50:57 2001
@@ -218,6 +218,7 @@
 
 char *xgetcwd(char *cwd);
 char *concat_path_file(const char *path, const char *filename);
+int last_char_is(const char *s, const int c);
 
 typedef struct ar_headers_s {
 	char *name;
diff -urN /home/ldoolitt/cvs/busybox/tar.c busybox-trial/tar.c
--- /home/ldoolitt/cvs/busybox/tar.c	Wed Apr 25 08:00:55 2001
+++ busybox-trial/tar.c	Wed Apr 25 15:46:07 2001
@@ -706,7 +706,7 @@
 			case REGTYPE0:
 				/* If the name ends in a '/' then assume it is
 				 * supposed to be a directory, and fall through */
-				if (header.name[strlen(header.name)-1] != '/') {
+				if (last_char_is(header.name,'/')) {
 					if (tarExtractRegularFile(&header, extractFlag, tostdoutFlag)==FALSE)
 						errorFlag=TRUE;
 					break;
diff -urN /home/ldoolitt/cvs/busybox/vi.c busybox-trial/vi.c
--- /home/ldoolitt/cvs/busybox/vi.c	Mon Apr 16 08:46:57 2001
+++ busybox-trial/vi.c	Wed Apr 25 15:49:21 2001
@@ -1745,7 +1745,7 @@
 	while (isblnk(*buf))
 		buf++;
 	strcpy((char *) args, (char *) buf);
-	if (cmd[strlen((char *) cmd) - 1] == '!') {
+	if (last_char_is((char *)cmd,'!')) {
 		useforce = TRUE;
 		cmd[strlen((char *) cmd) - 1] = '\0';	// get rid of !
 	}





More information about the busybox mailing list