[BusyBox] my_getpw(u/g)id

Vladimir N. Oleynik dzo at simtreas.ru
Fri Aug 27 16:32:39 UTC 2004


Tito writes:

 > I've spent the half night staring at the devilish  my_getpwuid and my_getgrgid
 > functions
 > trying to find out a way to avoid actual and future potential buffer overflow 
 > problems
 > without breaking existing code.
 > Finally I've  found a not intrusive way to do this that surely doesn't break
 > existing code
 > and fixes a couple of problems too.
 > The attached patch:
 > 1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potetntial
 > buffer overflows
 > 2) fixes all occurences of this function calls in tar.c , id.c , ls.c,
 > whoami.c, logger.c, libbb.h.

Hmm. What in it great sense?
If you are afraid of overflow why to not make a global constants:

#define MY_GETPWUID_BUFF_SIZE 16
#define MY_GETPWGID_BUFF_SIZE 16

auditing a code for use this and check from my_getpw(u/g)id() only?


--w
vodz






More information about the busybox mailing list