[BusyBox] my_getpw(u/g)id

Tito farmatito at tiscali.it
Fri Aug 27 21:46:08 UTC 2004


On Friday 27 August 2004 00:32, Vladimir N. Oleynik wrote:
> Tito writes:
> 
>  > I've spent half the night staring at the devilish my_getpwuid and my_getgrgid
>  > functions
>  > trying to find out a way to avoid actual and future potential buffer overflow
>  > problems
>  > without breaking existing code.
>  > Finally I've found a non-intrusive way to do this that surely doesn't break
>  > existing code
>  > and fixes a couple of problems too.
>  > The attached patch:
>  > 1) changes the behaviour of my_getpwuid and my_getgrgid to avoid potential
>  > buffer overflows
>  > 2) fixes all occurrences of these function calls in tar.c, id.c, ls.c,
>  > whoami.c, logger.c, libbb.h.
> 
> Hmm. What in it great sense?
> If you are afraid of overflow why to not make a global constants:
> 
> #define MY_GETPWUID_BUFF_SIZE 16
> #define MY_GETPWGID_BUFF_SIZE 16
> 
> auditing a code for use this and check from my_getpw(u/g)id() only?

Hi, vodz
I've thought a very long time on this but as my targets were:
1) don't break existing code shortly before release
2) avoid rewriting procps_scan, ls, logger, tar etc.
3) make my_getpw(u/g)id overflow safe
4) make busybox able to handle usernames of whatever length.

I looked on google a half night to find some standard value but
the only notice I've found was in man sysconf:

       LOGIN_NAME_MAX - _SC_LOGIN_NAME_MAX
              Maximum  length  of a login name, including the final NUL.  Must
              not be less than _POSIX_LOGIN_NAME_MAX (9).

So there is a minimum of 9 but no maximum set.
On my system for example:
	printf("%ld\n", sysconf(_SC_LOGIN_NAME_MAX));
returns 256.

Setting a global constant did not seem a good solution to me
as we cannot predict how long a username will be on a host system running
busybox and so we will surely have troubles and breakage in the future.

To accomplish point 4 now I'm trying to modify also id to avoid the use
of static allocated buffers, maybe you that are more experienced than me
can help in this work.

The other occurrences of my_getpw(u/g)id() look ok to me as they
work with buffers of different sizes:
128 in logger.c
32  in tar.c
16 in ls.c
8  in procps_scan()
so passing the buffer size to the function makes some sense.

BTW: while working on id I missed a feature in bb_getopt_ulflags:
It would be nice if we could set a rule to say:

switch x  never used alone

also some rule to override ~ would be nice like:
n~r no
gnr yes

This would be very useful for erroring out to show_usage 
without having to check for the not allowed switch combinations.

Ciao,
Tito 



> 
> --w
> vodz
> 
> 
> 
> 
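
Added example, not part of the original message and not BusyBox's code: a C sketch of the size-passing idea discussed above, with a heap variant sized from sysconf(_SC_LOGIN_NAME_MAX) instead of a global constant. The names format_pwname, bounded_getpwuid and alloc_getpwuid and the 256-byte fallback are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: format a lookup result into name[0..bufsize-1],
 * always NUL-terminated when bufsize > 0. pw == NULL (unknown uid) is
 * rendered as the decimal uid. Returns the untruncated length, so a
 * return value >= bufsize tells the caller the name was cut short. */
size_t format_pwname(char *name, size_t bufsize, const struct passwd *pw, uid_t uid)
{
    int n = pw ? snprintf(name, bufsize, "%s", pw->pw_name)
               : snprintf(name, bufsize, "%lu", (unsigned long)uid);
    return n < 0 ? 0 : (size_t)n;
}

/* Size-passing lookup for callers that keep fixed buffers (8, 16, 32, 128). */
size_t bounded_getpwuid(char *name, size_t bufsize, uid_t uid)
{
    return format_pwname(name, bufsize, getpwuid(uid), uid);
}

/* Heap variant: size the buffer from the host's limit, and grow it if the
 * stored name is longer than that limit. Caller frees the result. */
char *alloc_getpwuid(uid_t uid)
{
    long max = sysconf(_SC_LOGIN_NAME_MAX);    /* counts the NUL; -1 if unknown */
    size_t size = max > 0 ? (size_t)max : 256; /* 256 is an assumed fallback */
    char *buf = malloc(size);
    if (buf == NULL) return NULL;
    size_t need = bounded_getpwuid(buf, size, uid);
    if (need >= size) {
        char *tmp = realloc(buf, need + 1);
        if (tmp == NULL) { free(buf); return NULL; }
        buf = tmp;
        bounded_getpwuid(buf, need + 1, uid);
    }
    return buf;
}

int main(void)
{
    char small[8];                             /* the procps_scan() size */
    size_t need = bounded_getpwuid(small, sizeof small, getuid());
    printf("%s (%zu bytes needed)\n", small, need + 1);
    return 0;
}
```

Returning the untruncated length lets a fixed-buffer caller such as ls detect truncation without changing its buffer size.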


