List: busybox
Subject: Re: [BusyBox] [SECURITY] potential buffer overflows caused by
From: Tito <farmatito () tiscali ! it>
Date: 2004-08-24 11:59:13
Message-ID: 200408241401.40229.farmatito () tiscali ! it
Hi Erik,
Hi to all,
One more thought about this my_get* stuff:
maybe the correct behaviour should be:
A) If the uid is not found return NULL.
In this case the app already has the long uid and can decide to convert
it to a string if needed.
The actual behaviour, writing to the buffer and returning NULL, is useless,
in fact in all occurrences of my_getpwuid() in:
file:/rep/busybox-1.00-rc3/coreutils/id.c
file:/rep/busybox-1.00-rc3/coreutils/ls.c
file:/rep/busybox-1.00-rc3/libbb/procps.c
file:/rep/busybox-1.00-rc3/sysklogd/logger.c
the return value is not checked.
Only in:
file:/rep/busybox-1.00-rc3/archival/tar.c
file:/rep/busybox-1.00-rc3/coreutils/whoami.c
the return value is checked, but this seems easy to fix.
B) If the uid is found return a malloced buffer big enough to contain the full
name that can be freed later if needed.
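#include <pwd.h>     /* getpwuid(), struct passwd */
#include <stdio.h>   /* sprintf() */
#include <string.h>  /* strlen() */
#include "libbb.h"   /* xmalloc() */

/* Return a malloced copy of the user name for uid, or NULL if not found. */
char *my_getpwuid(long uid)
{
	struct passwd *myuser;
	char *name = NULL;

	if ((myuser = getpwuid(uid)) != NULL)
	{
		/* Buffer is sized to the name plus the terminating NUL. */
		name = (char *)xmalloc(strlen(myuser->pw_name) + 1);
		sprintf(name, "%s", myuser->pw_name);
	}
	return name;
}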
I haven't looked at my_getgrgid yet.
Ciao,
Tito
_______________________________________________
busybox mailing list
busybox@mail.busybox.net
http://codepoet.org/mailman/listinfo/busybox
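
The contract proposed in the message above (NULL when the uid is unknown, a heap buffer sized to the name otherwise, with the caller formatting the numeric uid itself), as an added example that is not code from the original post or from BusyBox. The names uid_name_alloc() and uid_label() are hypothetical, and the passwd entry is passed in as a parameter (an assumption) so the logic can be exercised with constructed entries.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: heap copy of the user name, or NULL when there is
 * no passwd entry (or allocation fails). No caller-supplied buffer exists,
 * so a long name cannot overrun one. */
char *uid_name_alloc(const struct passwd *pw)
{
	if (pw == NULL || pw->pw_name == NULL)
		return NULL;
	size_t len = strlen(pw->pw_name);
	char *name = malloc(len + 1);
	if (name != NULL)
		memcpy(name, pw->pw_name, len + 1);   /* copies the NUL too */
	return name;
}

/* Hypothetical caller: checks the return value and, on NULL, falls back
 * to the numeric uid it already holds. The fallback buffer is sized by
 * asking snprintf() for the required length first. */
char *uid_label(const struct passwd *pw, long uid)
{
	char *label = uid_name_alloc(pw);
	if (label != NULL)
		return label;
	int need = snprintf(NULL, 0, "%ld", uid);
	if (need < 0)
		return NULL;
	label = malloc((size_t)need + 1);
	if (label != NULL)
		snprintf(label, (size_t)need + 1, "%ld", uid);
	return label;
}

int main(void)
{
	uid_t uid = getuid();
	char *label = uid_label(getpwuid(uid), (long)uid);
	if (label == NULL)
		return 1;
	printf("%s\n", label);
	free(label);   /* the caller owns the buffer in both cases */
	return 0;
}
```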