adduser/passwd: too long username

tito farmatito at tiscali.it
Mon Aug 18 19:30:46 UTC 2014


On Monday 18 August 2014 15:12:33 Denys Vlasenko wrote:
> On Sun, Aug 17, 2014 at 12:48 PM, Laszlo Papp <lpapp at kde.org> wrote:
> >
> >
> >
> > On Tue, Aug 5, 2014 at 8:34 PM, Laszlo Papp <lpapp at kde.org> wrote:
> >>
> >> On Tue, Aug 5, 2014 at 7:16 PM, Denys Vlasenko <vda.linux at googlemail.com>
> >> wrote:
> >>>
> >>> On Mon, Aug 4, 2014 at 7:06 PM, Laszlo Papp <lpapp at kde.org> wrote:
> >>> > sudo busybox adduser
> >>> >
> >>> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>> > passwd: unknown user
> >>> >
> >>> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>> >
> >>> > Yet, the user is created in /etc/shadow:
> >>> >
> >>> >
> >>> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:!:16286:0:99999:7:::
> >>> >
> >>> > This is at least one issue, but there is another here:
> >>> >
> >>> > sudo busybox deluser
> >>> >
> >>> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>> > deluser: unknown user
> >>> >
> >>> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>>
> >>> Both issues come from the same location in codebase:
> >>> bb__pgsreader() parser drops lines which are longer than its buffer.
> >>>
> >>> Effectively, bbox ignores offending line in /etc/passwd.
> >>>
> >>> > Could you please look into this and potentially fix it? Thanks in
> >>> > advance.
> >>>
> >>> Anyone willing to rewrite getpwnam API to use variable-sized malloced
> >>> buffer?
> >>
> >>
> >> Is that a junior job?
> >
> >
> > Denys, this fix was sent two weeks ago? Why have you not applied it until
> > there is a better fix (if any)? This is still broken and results a system
> > with potential stray users around.
> 
> I'm having bad feelings about the fix along the lines of
> 
> -#define PWD_BUFFER_SIZE 256
> -#define GRP_BUFFER_SIZE 256
> +#define PWD_BUFFER_SIZE 2*LOGIN_NAME_MAX+256
> +#define GRP_BUFFER_SIZE 2*LOGIN_NAME_MAX+256
> 
> I fear that people (situations) strange enough to use names as long as
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> can easily use names thrice as long.
> 
> From the API perspective, xmalloc_getpwnam(username) would be ideal.
> But it would require significant rework.
> _______________________________________________

Hi,
i will post a proof of concept rewrite of the getpw/grxxx  functions
I've done just to see if something (code or ideas) could be reused
for bb. I'll open a separate thread.

Ciao,
Tito


More information about the busybox mailing list