Commit 9492e48f authored by Natanael Copa's avatar Natanael Copa

main/busybox: remove sed fix

apparently it makes ifupdown segfault
parent e5c60836
From e2afae6303e871a31a061d03359cfcd5dd86c088 Mon Sep 17 00:00:00 2001
From: Quentin Rameau <quinq@fifth.space>
Date: Sun, 1 Apr 2018 19:49:58 +0200
Subject: [PATCH] sed: prevent overflow of length from bb_get_chunk_from_file
This fragment did not work right:
temp = bb_get_chunk_from_file(fp, &len);
if (temp) {
/* len > 0 here, it's ok to do temp[len-1] */
char c = temp[len-1];
With "int len" _sign-extending_, temp[len-1] can refer to a wrong location
if len > 0x7fffffff.
Signed-off-by: Quentin Rameau <quinq@fifth.space>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
editors/sed.c | 2 +-
include/libbb.h | 2 +-
libbb/get_line_from_file.c | 11 +++++++----
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/editors/sed.c b/editors/sed.c
index 9d800c2c3..470220859 100644
--- a/editors/sed.c
+++ b/editors/sed.c
@@ -988,7 +988,7 @@ static void flush_append(char *last_puts_char)
static char *get_next_line(char *gets_char, char *last_puts_char)
{
char *temp = NULL;
- int len;
+ size_t len;
char gc;
flush_append(last_puts_char);
diff --git a/include/libbb.h b/include/libbb.h
index fa878433e..309c58734 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -911,7 +911,7 @@ extern void xprint_and_close_file(FILE *file) FAST_FUNC;
* end of line. If end isn't NULL, length of the chunk is stored in it.
* Returns NULL if EOF/error.
*/
-extern char *bb_get_chunk_from_file(FILE *file, int *end) FAST_FUNC;
+extern char *bb_get_chunk_from_file(FILE *file, size_t *end) FAST_FUNC;
/* Reads up to (and including) TERMINATING_STRING: */
extern char *xmalloc_fgets_str(FILE *file, const char *terminating_string) FAST_FUNC RETURNS_MALLOC;
/* Same, with limited max size, and returns the length (excluding NUL): */
diff --git a/libbb/get_line_from_file.c b/libbb/get_line_from_file.c
index 941ea12b5..d10066937 100644
--- a/libbb/get_line_from_file.c
+++ b/libbb/get_line_from_file.c
@@ -10,16 +10,19 @@
*/
#include "libbb.h"
-char* FAST_FUNC bb_get_chunk_from_file(FILE *file, int *end)
+char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t *end)
{
int ch;
- unsigned idx = 0;
+ size_t idx = 0;
char *linebuf = NULL;
while ((ch = getc(file)) != EOF) {
/* grow the line buffer as necessary */
- if (!(idx & 0xff))
+ if (!(idx & 0xff)) {
+ if (idx == ((size_t)-1) - 0xff)
+ bb_error_msg_and_die(bb_msg_memory_exhausted);
linebuf = xrealloc(linebuf, idx + 0x100);
+ }
linebuf[idx++] = (char) ch;
if (ch == '\0')
break;
@@ -49,7 +52,7 @@ char* FAST_FUNC xmalloc_fgets(FILE *file)
/* Get line. Remove trailing \n */
char* FAST_FUNC xmalloc_fgetline(FILE *file)
{
- int i;
+ size_t i;
char *c = bb_get_chunk_from_file(file, &i);
if (i && c[--i] == '\n')
--
2.16.3
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox pkgname=busybox
pkgver=1.28.2 pkgver=1.28.2
pkgrel=2 pkgrel=3
pkgdesc="Size optimized toolbox of many common UNIX utilities" pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net url=http://busybox.net
arch="all" arch="all"
...@@ -39,7 +39,6 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 ...@@ -39,7 +39,6 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
fix-cpio-symlinks.patch fix-cpio-symlinks.patch
0001-grep-fix-echo-aa-busybox-grep-F-w-a-should-not-match.patch 0001-grep-fix-echo-aa-busybox-grep-F-w-a-should-not-match.patch
0001-sed-prevent-overflow-of-length-from-bb_get_chunk_fro.patch
acpid.logrotate acpid.logrotate
busyboxconfig busyboxconfig
...@@ -203,7 +202,6 @@ a96aa81d2f0104b5c28f02e80b3f77dbce77af93c174c09015a34850474d69e42c160fc8061c62f0 ...@@ -203,7 +202,6 @@ a96aa81d2f0104b5c28f02e80b3f77dbce77af93c174c09015a34850474d69e42c160fc8061c62f0
d90d6b3406760fe3df6dbed46a0f4d1c02a69d5184ebc86d8c1692bc4576532127283ba3ff9a81e64f3660c279b8ee324dac7a426350873c45957067648651c6 0017-ifupdown-do-not-fail-if-interface-disappears-during-.patch d90d6b3406760fe3df6dbed46a0f4d1c02a69d5184ebc86d8c1692bc4576532127283ba3ff9a81e64f3660c279b8ee324dac7a426350873c45957067648651c6 0017-ifupdown-do-not-fail-if-interface-disappears-during-.patch
65c11538056b6bd782b6195252a2a49f3b374e285a04f3296f708bb7da02b87435c34d43eaf80f1961167f55106fc2e4d5843d0c27cf06e6156ff8fabe642ac8 fix-cpio-symlinks.patch 65c11538056b6bd782b6195252a2a49f3b374e285a04f3296f708bb7da02b87435c34d43eaf80f1961167f55106fc2e4d5843d0c27cf06e6156ff8fabe642ac8 fix-cpio-symlinks.patch
bc16f8ee0369274aa145d050cf45d7b0f7e9cd569b40e327b634f442851fff23a7decee0ba7822535bb6e195a0f8ab8a29fe5899cd909abda8d60e4247b462d9 0001-grep-fix-echo-aa-busybox-grep-F-w-a-should-not-match.patch bc16f8ee0369274aa145d050cf45d7b0f7e9cd569b40e327b634f442851fff23a7decee0ba7822535bb6e195a0f8ab8a29fe5899cd909abda8d60e4247b462d9 0001-grep-fix-echo-aa-busybox-grep-F-w-a-should-not-match.patch
618cc4398765de5894ca9607798d163346441845be695a41299fedb4d9a6e3ae352850b75dbe7139fda315f93fbb66f3828396ca597bb83c51d19f57eb40e428 0001-sed-prevent-overflow-of-length-from-bb_get_chunk_fro.patch
a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c acpid.logrotate a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c acpid.logrotate
035f2a28719971d9ff805d208d70bc1144fd3701235dc46ef581a559e696ef92265f28f7debf0248a2cee004a773dcd07828bcc088716f5aff944ccdce15d30f busyboxconfig 035f2a28719971d9ff805d208d70bc1144fd3701235dc46ef581a559e696ef92265f28f7debf0248a2cee004a773dcd07828bcc088716f5aff944ccdce15d30f busyboxconfig
0efbe22e2fd56993d92b6542d4ccffb2b42d50495be085c98f417a71f503b4071e2f092afcec77f78064d33ffb0922c28daa3cb9958e6d7fb26d5a660abd90f4 busyboxconfig-extras 0efbe22e2fd56993d92b6542d4ccffb2b42d50495be085c98f417a71f503b4071e2f092afcec77f78064d33ffb0922c28daa3cb9958e6d7fb26d5a660abd90f4 busyboxconfig-extras
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment