[BusyBox] my_getpw(u/g)id
Vladimir N. Oleynik
dzo at simtreas.ru
Fri Aug 27 16:32:39 UTC 2004
Tito writes:
> I've spent the half night staring at the devilish my_getpwuid and my_getgrgid
> functions
> trying to find out a way to avoid actual and future potential buffer overflow
> problems
> without breaking existing code.
> Finally I've found a not intrusive way to do this that surely doesn't break
> existing code
> and fixes a couple of problems too.
> The attached patch:
> 1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial
> buffer overflows
> 2) fixes all occurences of this function calls in tar.c , id.c , ls.c,
> whoami.c, logger.c, libbb.h.
Hmm. What in it great sense?
If you are afraid of overflow why to not make a global constants:
#define MY_GETPWUID_BUFF_SIZE 16
#define MY_GETPWGID_BUFF_SIZE 16
auditing a code for use this and check from my_getpw(u/g)id() only?
--w
vodz
More information about the busybox
mailing list