[BusyBox] 14 bugs on the wall: squashed
Larry Doolittle
ldoolitt at recycle.lbl.gov
Thu Apr 26 15:42:21 UTC 2001
With this patch, I think all of the possible string underruns
are addressed. The search
$ grep "strlen([^)]*) *- *1" *.c libbb/*.c
still finds 5 instances, but I have traced the logic in each of
those cases, and each time strlen is guaranteed to be greater than
zero.
Our PPC friends should have a more reliable BusyBox now.
- Larry
diff -urN /home/ldoolitt/cvs/busybox/Makefile busybox-trial/Makefile
--- /home/ldoolitt/cvs/busybox/Makefile Thu Apr 26 08:00:08 2001
+++ busybox-trial/Makefile Wed Apr 25 16:00:41 2001
@@ -248,7 +248,7 @@
recursive_action.c safe_read.c safe_strncpy.c seek_ared_file.c syscalls.c \
syslog_msg_with_name.c time_string.c trim.c untar.c unzip.c vdprintf.c \
verror_msg.c vperror_msg.c wfopen.c xfuncs.c xgetcwd.c xregcomp.c interface.c \
-remove_file.c
+remove_file.c last_char_is.c
LIBBB_OBJS=$(patsubst %.c,$(LIBBB)/%.o, $(LIBBB_CSRC))
LIBBB_CFLAGS = -I$(LIBBB)
ifneq ($(strip $(BB_SRC_DIR)),)
diff -urN /home/ldoolitt/cvs/busybox/cut.c busybox-trial/cut.c
--- /home/ldoolitt/cvs/busybox/cut.c Wed Jan 31 11:00:20 2001
+++ busybox-trial/cut.c Wed Apr 25 15:46:34 2001
@@ -75,7 +75,7 @@
/* handle multi-value cases */
else if (nminus == 1) {
/* handle 'N-' case */
- if (list[strlen(list) - 1] == '-') {
+ if (last_char_is(list,'-')) {
startpos = strtol(list, &ptr, 10);
}
/* handle '-M' case */
diff -urN /home/ldoolitt/cvs/busybox/dpkg.c busybox-trial/dpkg.c
--- /home/ldoolitt/cvs/busybox/dpkg.c Mon Apr 16 08:46:57 2001
+++ busybox-trial/dpkg.c Wed Apr 25 15:27:23 2001
@@ -583,7 +583,7 @@
*/
if ((fin = fopen(statusfile, "r")) != NULL) {
while (((line = get_line_from_file(fin)) != NULL) && !feof(fin)) {
- line[strlen(line) - 1] = '\0'; /* trim newline */
+ chomp(line); /* trim newline */
/* If we see a package header, find out if it's a package
* that we have processed. if so, we skip that block for
* now (write it at the end).
diff -urN /home/ldoolitt/cvs/busybox/libbb/last_char_is.c busybox-trial/libbb/last_char_is.c
--- /home/ldoolitt/cvs/busybox/libbb/last_char_is.c Wed Dec 31 16:00:00 1969
+++ busybox-trial/libbb/last_char_is.c Wed Apr 25 15:45:27 2001
@@ -0,0 +1,18 @@
+/*
+ * busybox library eXtended funcion
+ *
+ * Find out if the last character of a string matches the one given
+ * Don't underrun the buffer if the string length is 0.
+ * Also avoids a possible space-hogging inline of strlen()
+ * per usage.
+ *
+*/
+
+#include "libbb.h"
+
+int last_char_is(const char *s, const int c)
+{
+ int l = strlen(s);
+ if (l==0) return 0;
+ return (s[l-1] == c);
+}
diff -urN /home/ldoolitt/cvs/busybox/libbb/libbb.h busybox-trial/libbb/libbb.h
--- /home/ldoolitt/cvs/busybox/libbb/libbb.h Wed Apr 25 14:21:42 2001
+++ busybox-trial/libbb/libbb.h Wed Apr 25 15:50:57 2001
@@ -218,6 +218,7 @@
char *xgetcwd(char *cwd);
char *concat_path_file(const char *path, const char *filename);
+int last_char_is(const char *s, const int c);
typedef struct ar_headers_s {
char *name;
diff -urN /home/ldoolitt/cvs/busybox/tar.c busybox-trial/tar.c
--- /home/ldoolitt/cvs/busybox/tar.c Wed Apr 25 08:00:55 2001
+++ busybox-trial/tar.c Wed Apr 25 15:46:07 2001
@@ -706,7 +706,7 @@
case REGTYPE0:
/* If the name ends in a '/' then assume it is
* supposed to be a directory, and fall through */
- if (header.name[strlen(header.name)-1] != '/') {
+ if (last_char_is(header.name,'/')) {
if (tarExtractRegularFile(&header, extractFlag, tostdoutFlag)==FALSE)
errorFlag=TRUE;
break;
diff -urN /home/ldoolitt/cvs/busybox/vi.c busybox-trial/vi.c
--- /home/ldoolitt/cvs/busybox/vi.c Mon Apr 16 08:46:57 2001
+++ busybox-trial/vi.c Wed Apr 25 15:49:21 2001
@@ -1745,7 +1745,7 @@
while (isblnk(*buf))
buf++;
strcpy((char *) args, (char *) buf);
- if (cmd[strlen((char *) cmd) - 1] == '!') {
+ if (last_char_is((char *)cmd,'!')) {
useforce = TRUE;
cmd[strlen((char *) cmd) - 1] = '\0'; // get rid of !
}
More information about the busybox
mailing list