[BusyBox] patch to login, dmesg and obscure
Ronny L Nilsson
bb at arbetsmyra.dyndns.org
Mon Jul 28 13:55:32 UTC 2003
Hi
I've discovered some bugs in the BusyBox unstable branch and since they don't
seem to be fixed in the 1.0.0-pre1 release I created a patch with my changes.
Description below:
* libbb/obscure.c:password_check()
There was a buffer overflow bug which caused the passwd command to segfault when
invoked by anyone other than the superuser.
* loginutils/login.c:
The login process should always time out if the user doesn't log in successfully within
a reasonable time. Otherwise we're sensitive to a DoS attack by simply doing a
bunch of simultaneous telnet connections (deploys all available TTYs).
This patch makes login.c terminate the connection after "TIMEOUT" seconds.
* util-linux/dmesg.c:
If BusyBox was compiled with -DCONFIG_FEATURE_CLEAN_UP, the dmesg command segfaults
if invoked with the "-n" option. (Due to a free() of an uninitialized
pointer).
Are they good enough for inclusion?
Best regards
/Ronny Nilsson
---------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bbronny.diff
Type: text/x-diff
Size: 2477 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20030728/275f2b17/attachment.bin
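
The login timeout described in the message above, as an added C example (not taken from bbronny.diff or from BusyBox): the session process arms `alarm()` before prompting and exits from the SIGALRM handler, so an idle connection gives its TTY back. The `TIMEOUT` value, the `EXIT_TIMED_OUT` code and all function names are assumptions made for this example, and only the first prompt is shown.

```c
/* Added illustration of an alarm()-based login timeout; not BusyBox code. */
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define TIMEOUT 60        /* seconds; assumed value, the post gives none */
#define EXIT_TIMED_OUT 3  /* hypothetical exit code for this example */

static void on_alarm(int sig)
{
    (void)sig;
    _exit(EXIT_TIMED_OUT);  /* async-signal-safe: end the session, free the TTY */
}

/* Child side: wait for one line of input (the login name) on fd.
 * The alarm stays armed until the line is complete, so a peer that
 * trickles single bytes cannot push the deadline back. */
static void prompt_or_die(int fd, unsigned timeout)
{
    char c;
    ssize_t r;

    signal(SIGALRM, on_alarm);
    alarm(timeout);
    while ((r = read(fd, &c, 1)) == 1 && c != '\n')
        ;
    alarm(0);               /* a full line arrived: cancel the pending alarm */
    _exit(r == 1 ? 0 : 1);  /* 0 = got a line, 1 = EOF or read error */
}

/* Parent side: run one session and report how it ended. */
int login_session(int fd, unsigned timeout)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        prompt_or_die(fd, timeout);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return login_session(STDIN_FILENO, TIMEOUT);
}
```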