From bugzilla at busybox.net Tue Dec 6 23:21:46 2022
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Tue, 06 Dec 2022 23:21:46 +0000
Subject: [Bug 15166] New: Bug in substitution function of the ed applet
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15166

Bug ID: 15166
Summary: Bug in substitution function of the ed applet
Product: Busybox
Version: 1.34.x
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: rozel at enertech.fr
CC: busybox-cvs at busybox.net
Target Milestone: ---

Non global substitution isn't done in two consecutive lines when the string on the 2nd line is before or at the same place of the first line.

For example:
,s/OLD/NEW/ on -- OLD OLD -- gave -- OLD NEW -- (bug)
but on -- OLD OLD -- gave -- NEW NEW -- (OK)
and on -- OLD XXXOLD -- (OK) gave -- NEW XXXNEW -- (OK).

On the first example, ,s/OLD/NEW/g works correctly (all OLD are substituted).

Looking at the source of the 1.35 version (editors/ed.c), it seems that this problem can be corrected by initializing "offset = 0;" each time "lp = lp->next; num1++;" in the subCommand() function (so in line 729 and 770).

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Tue Dec 6 23:24:54 2022
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Tue, 06 Dec 2022 23:24:54 +0000
Subject: [Bug 15166] Bug in substitution function of the ed applet
In-Reply-To:
References:
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15166

rozel at enertech.fr changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |rozel at enertech.fr

--- Comment #1 from rozel at enertech.fr ---
Please read -- NEW OLD -- instead of the opposite for the erroneous behavior. Sorry.

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Wed Dec 7 05:01:19 2022
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 07 Dec 2022 05:01:19 +0000
Subject: [Bug 15171] New: busybox ash segfault on invalid substitutions
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15171

Bug ID: 15171
Summary: busybox ash segfault on invalid substitutions
Product: Busybox
Version: 1.35.x
Hardware: All
URL: http://lists.busybox.net/pipermail/busybox/2022-November/090036.html
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: calestyo at scientia.org
CC: busybox-cvs at busybox.net
Target Milestone: ---

Hey.

This issue was originally found by myself, then further analysed by Harald van Dijk and posted by him to the busybox mailing list at:
http://lists.busybox.net/pipermail/busybox/2022-November/090036.html

I thought it would be a good idea to open a bug here to keep the issue tracked.

Cheers,
Chris.

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Wed Dec 7 05:02:13 2022
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 07 Dec 2022 05:02:13 +0000
Subject: [Bug 15171] busybox ash segfault on invalid substitutions
In-Reply-To:
References:
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15171

--- Comment #1 from Christoph Anton Mitterer ---
Just for convenience and the records, a verbatim copy of Harald's aforementioned mail:

-----------------
Hi,

Over on the dash mailing list, Christoph Anton Mitterer reported a segfault in dash when dealing with invalid substitutions: busybox ash being based on dash, despite the segmentation fault not triggering there with the original script, it can be triggered in busybox ash with a different script as well. I am reporting this here as requested in that thread.

The below is with a build with 'make defconfig', except CONFIG_DEBUG=y and CONFIG_DEBUG_PESSIMIZE=y.

$ gdb --args ./busybox_unstripped sh -c 'f() { echo ${PWD-${PWD!}}; }; f'
GNU gdb (GDB) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./busybox_unstripped...
(gdb) run
Starting program: /home/harald/busybox/busybox_unstripped sh -c f\(\)\ \{\ echo\ \$\{PWD-\$\{PWD\!\}\}\;\ \}\;\ f
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00348eab in argstr (p=0x1 , flag=1089) at shell/ash.c:6819
6819 if (*p == '~')
(gdb)

This happens because invalid substitutions (${PWD!}) are encoded using a null byte, but function definitions treat node text as C-style strings terminated by the first null byte, so we end up accessing the duplicated node text past the end of the buffer:

(gdb) b shell/ash.c:9148
Breakpoint 1 at 0x34ca03: file shell/ash.c, line 9148.
(gdb) run
Starting program: /home/harald/busybox/busybox_unstripped sh -c f\(\)\ \{\ echo\ \$\{PWD-\$\{PWD\!\}\}\;\ \}\;\ f
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, copynode (n=0x3923ec) at shell/ash.c:9148
9148 new->narg.text = nodeckstrdup(n->narg.text);
(gdb) cont
Continuing.

Breakpoint 1, copynode (n=0x39240c) at shell/ash.c:9148
9148 new->narg.text = nodeckstrdup(n->narg.text);
(gdb) p n->narg.text
$1 = 0x3923fc "\202\002PWD=\202"
(gdb) step
nodeckstrdup (s=0xffffd1c8 "") at shell/ash.c:9059
9059 {
(gdb) next
9060 funcstring_end -= SHELL_ALIGN(strlen(s) + 1);
(gdb)
9061 return strcpy(funcstring_end, s);
(gdb)
9062 }

Here, \202 is CTLVAR. We can see that n->narg.text ends in CTLVAR followed by a null byte, and it is copied using strlen() and strcpy(), so any bytes after that null byte will be left out.

There are two possible ways of fixing this, depending on the intended behaviour. Nothing has yet been said on the list to definitively know what the dash intended behaviour here is, but regardless, busybox may choose to act now.

1: If the intended behaviour is to raise an error:

--- a/shell/ash.c +++ b/shell/ash.c
@@ -7465,9 +7465,6 @@ varvalue(char *name, int varflags, int flags, int quoted) int discard = (subtype == VSPLUS || subtype == VSLENGTH) | (flags & EXP_DISCARD); if (!subtype) { - if (discard) - return -1; - ifsfree(); raise_error_syntax("bad substitution"); } This preserves the copynode() behaviour of cutting off the word, but it is okay as now a null byte is guaranteed to terminate the expansion. 2: If the intended behaviour is to ignore the invalid substitution as long as it is skipped: --- a/shell/ash.c +++ b/shell/ash.c @@ -12981,6 +12981,8 @@ parsesub: { synstack->dblquote = newsyn != BASESYNTAX; } + if (subtype == 0) + subtype = VSNUL; ((unsigned char *)stackblock())[typeloc] = subtype; if (subtype != VSNORMAL) { synstack->varnest++; This encodes invalid substitutions using VSNUL, which when masked with VSTYPE will result in 0 like before, but does not result in all bits zero, so does not terminate the string. I know my mail client will have mangled the formatting. Apologies for that. I am not expecting either of these patches to be applied as is anyway, at this point I am more interested in getting the busybox views on whether either fix is wanted now already (before dash acts), and if so, which one. Especially the second one will likely have opportunities to clean up and reduce code size by making sure subtype is already set to VSNUL at this point, rather than 0, meaning it does not need to be patched up here. Cheers, Harald van Dijk -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Wed Dec 7 05:04:27 2022 
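Review bot: In the varvalue() hunk (option 1), the removed `if (discard) return -1;` was the only thing that let an invalid substitution in a skipped branch pass silently, so after this change `raise_error_syntax("bad substitution")` fires for `f() { echo ${PWD-${PWD!}}; }; f` even though PWD is set and the inner word is never needed. That is a user-visible behaviour change for existing scripts, so the commit message should state it explicitly and the change should come with a shell test case for exactly this input, covering both the error text and the fact that the shell no longer crashes.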
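Review bot: In the parsesub hunk (option 2), the added `if (subtype == 0) subtype = VSNUL;` needs a comment explaining why a zero byte must never be stored at `typeloc`: the node text is later duplicated with strlen()/strcpy() and a zero subtype truncates it. Without that comment a later cleanup can easily reintroduce the zero. The fix also depends on `VSNUL & VSTYPE` being 0 while VSNUL itself is non-zero, as the mail states, so a compile-time assertion of that relationship next to the definitions would keep the invariant from drifting.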
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 07 Dec 2022 05:04:27 +0000
Subject: [Bug 15171] busybox ash segfault on invalid substitutions
In-Reply-To:
References:
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15171

--- Comment #2 from Christoph Anton Mitterer ---
I shall add, that a patch for this issue has recently been posted for dash on their mailing list at:
https://lore.kernel.org/dash/Y47ZlpwkQy+jiule@gondor.apana.org.au/
and is scheduled for being merged in their git.

It seems that the klibc (which contains an ash/dash based sh implementation that also suffers from this) upstream is likely going to use that patch as well.

So that might be of interest for BusyBox, too.

Cheers,
Chris.

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Wed Dec 7 05:05:43 2022
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 07 Dec 2022 05:05:43 +0000
Subject: [Bug 15171] busybox ash segfault on invalid substitutions
In-Reply-To:
References:
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15171

--- Comment #3 from Christoph Anton Mitterer ---
Oh and just one more thing for the records, since dash/klibc have no proper bugtracker, I had reported bugs against the respective Debian packages:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024635
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024735

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Wed Dec 7 15:45:30 2022
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 07 Dec 2022 15:45:30 +0000
Subject: [Bug 15171] busybox ash segfault on invalid substitutions
In-Reply-To:
References:
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15171

--- Comment #4 from Christoph Anton Mitterer ---
The first patch seems to have been buggy, a v2 was posted:
https://lore.kernel.org/dash/Y5BTWr28NgVMm8UG@gondor.apana.org.au/

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Wed Dec 7 17:54:21 2022
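The truncation analysed in the bug 15171 thread above, as an added C model (not code from BusyBox, dash, or the quoted mail): a word whose inner substitution subtype is a zero byte is duplicated with strlen(), and a bounded walker then reports that it would run off the end of the copy. The CTLENDVAR and VSNUL values, the bytes after the first NUL, and all function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CTLVAR    0x82  /* "\202" in the gdb output */
#define VSMINUS   0x02  /* "\002" in the gdb output: the ${var-word} form */
#define CTLENDVAR 0x83  /* assumed marker value for this model */
#define VSNUL     0x10  /* assumed: non-zero, but outside the subtype mask */

enum { WORD_LEN = 15 };

/* Constructed encoding of ${PWD-${PWD!}}; byte 7 is the inner subtype. */
static void build_word(unsigned char out[WORD_LEN], unsigned char inner_subtype)
{
    const unsigned char w[WORD_LEN] = {
        CTLVAR, VSMINUS, 'P', 'W', 'D', '=',
        CTLVAR, inner_subtype, 'P', 'W', 'D', '=',
        CTLENDVAR, CTLENDVAR, 0
    };
    memcpy(out, w, WORD_LEN);
}

/* Duplicate the way the mail describes nodeckstrdup(): strlen() + copy.
 * Returns the number of bytes written, terminator included (0 if no room). */
static size_t copy_as_cstring(unsigned char *dst, size_t cap,
                              const unsigned char *src)
{
    size_t n = strlen((const char *)src) + 1;
    if (n > cap)
        return 0;
    memcpy(dst, src, n);
    return n;
}

/* Bounded walk over the encoding. After CTLVAR the next byte is a subtype
 * and is skipped even when it is 0, then the name runs up to '='.
 * Returns bytes consumed (terminator included), or -1 if the walk would
 * need a byte at or beyond len, i.e. the read that crashes in the report. */
static long walk_encoded(const unsigned char *p, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = p[i++];
        if (c == 0)
            return (long)i;
        if (c != CTLVAR)
            continue;
        if (i >= len)
            return -1;
        i++;                                   /* subtype byte */
        while (i < len && p[i] != '=' && p[i] != 0)
            i++;                               /* variable name */
        if (i >= len)
            return -1;
        if (p[i] == '=')
            i++;
    }
    return -1;
}

/* Zero subtype: the strlen()-based copy keeps only the first 8 bytes. */
size_t truncated_copy_len(void)
{
    unsigned char word[WORD_LEN], copy[WORD_LEN];
    build_word(word, 0);
    return copy_as_cstring(copy, sizeof(copy), word);
}

/* Walking that short copy needs bytes the copy never received. */
long walk_truncated_copy(void)
{
    unsigned char word[WORD_LEN], copy[WORD_LEN];
    build_word(word, 0);
    size_t n = copy_as_cstring(copy, sizeof(copy), word);
    return walk_encoded(copy, n);
}

/* The original buffer, taken with its real length, walks cleanly. */
long walk_original(void)
{
    unsigned char word[WORD_LEN];
    build_word(word, 0);
    return walk_encoded(word, sizeof(word));
}

/* Option 2 from the mail: a non-zero subtype survives the string copy. */
long walk_copy_with_vsnul(void)
{
    unsigned char word[WORD_LEN], copy[WORD_LEN];
    build_word(word, VSNUL);
    size_t n = copy_as_cstring(copy, sizeof(copy), word);
    return walk_encoded(copy, n);
}

int main(void)
{
    printf("strlen-based copy kept %zu of %d bytes\n",
           truncated_copy_len(), WORD_LEN);
    printf("walk over truncated copy: %ld\n", walk_truncated_copy());
    printf("walk over original:       %ld\n", walk_original());
    printf("walk over VSNUL copy:     %ld\n", walk_copy_with_vsnul());
    return 0;
}
```

The walker takes an explicit length so the overrun shows up as a -1 result instead of an out-of-bounds read.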
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Wed, 07 Dec 2022 17:54:21 +0000
Subject: [Bug 14716] top -m doesn't report highest memory consummer
In-Reply-To:
References:
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=14716

--- Comment #1 from Fred_busybox ---
Hello,

I am also interested, I have this error with "top -m"

top -m
top: no process info in /proc

I am looking for the "Rss" memory info.

If helpful, on kernel 4.9.232 ARM, by example, there is:

cat /proc/1528/status
cat /proc/1528/status
Name: myprocess
Umask: 0022
State: S (sleeping)
Tgid: 1528
Ngid: 0
Pid: 1528
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 256
Groups:
NStgid: 1528
NSpid: 1528
NSpgid: 1316
NSsid: 1316
VmPeak: 271524 kB
VmSize: 271524 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 7856 kB
VmRSS: 7856 kB
RssAnon: 976 kB
RssFile: 6880 kB
RssShmem: 0 kB
VmData: 26984 kB
VmStk: 132 kB
VmExe: 220 kB
VmLib: 10484 kB
VmPTE: 72 kB
VmPMD: 8 kB
VmSwap: 0 kB
Threads: 25
SigQ: 1/9947
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000001006
SigCgt: 0000000180004000
CapInh: 0000000000000000
CapPrm: 0000003fffffffff
CapEff: 0000003fffffffff
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Seccomp: 0
Speculation_Store_Bypass: unknown
Cpus_allowed: 3
Cpus_allowed_list: 0-1
Mems_allowed: 1
Mems_allowed_list: 0
voluntary_ctxt_switches: 6093
nonvoluntary_ctxt_switches: 30

Regards

--
You are receiving this mail because:
You are on the CC list for the bug.

From bugzilla at busybox.net Wed Dec 7 17:56:32 2022
From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Wed, 07 Dec 2022 17:56:32 +0000 Subject: [Bug 14716] top -m doesn't report highest memory consummer In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14716 Fred_busybox changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 |P3 Severity|minor |normal -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Thu Dec 8 16:13:11 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 8 Dec 2022 17:13:11 +0100 Subject: [git commit] xxd: fix typo in trivial usage Message-ID: <20221208161914.B54B785E75@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=90456a6aa3a039ac1b16a09e64d13cc9589b55ee branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Brandon Maier Signed-off-by: Denys Vlasenko --- util-linux/hexdump_xxd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util-linux/hexdump_xxd.c b/util-linux/hexdump_xxd.c index 6629407de..45391b565 100644 --- a/util-linux/hexdump_xxd.c +++ b/util-linux/hexdump_xxd.c @@ -41,7 +41,7 @@ // -u use upper case hex letters. //usage:#define xxd_trivial_usage -//usage: "[-pri] [-g N] [-c N] [-n LEN] [-s OFS] [-o OFS] [FILE]" +//usage: "[-pri] [-g N] [-c N] [-l LEN] [-s OFS] [-o OFS] [FILE]" //usage:#define xxd_full_usage "\n\n" //usage: "Hex dump FILE (or stdin)\n" //usage: "\n -g N Bytes per group" From vda.linux at googlemail.com Mon Dec 12 17:57:09 2022 
From: vda.linux at googlemail.com (Denys Vlasenko) Date: Mon, 12 Dec 2022 18:57:09 +0100 Subject: [git commit] loop: refactor: extract subfunction get_next_free_loop() Message-ID: <20221212181014.1DD5985F93@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=ddccf6cd2f519c46a6286a43ceaf680eb367301c branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Extract subfunction get_next_free_loop() from set_loop() Also fix miss free(try) when stat(try) and mknod fail function old new delta set_loop 807 790 -17 Fixes: 3448914e8cc5 ("mount,losetup: use /dev/loop-control is it exists") Signed-off-by: Xiaoming Ni Signed-off-by: Denys Vlasenko --- libbb/loop.c | 56 ++++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 30 deletions(-) diff --git a/libbb/loop.c b/libbb/loop.c index 750642ade..8e5c915fc 100644 --- a/libbb/loop.c +++ b/libbb/loop.c @@ -96,6 +96,20 @@ int FAST_FUNC get_free_loop(void) return loopdevno; /* can be -1 if error */ } +static int get_next_free_loop(char *dev, int id) +{ + int loopdevno; + + loopdevno = get_free_loop(); + if (loopdevno != -1) { + /* loopdevno is -2 (use id) or >= 0 (use id = loopdevno): */ + if (loopdevno >= 0) + id = loopdevno; + sprintf(dev, LOOP_FORMAT, id); + } + return loopdevno; +} + /* Returns opened fd to the loop device, <0 on error. * *device is loop device to use, or if *device==NULL finds a loop device to * mount it on and sets *device to a strdup of that loop device name. 
@@ -123,30 +137,27 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse try = *device; if (!try) { - get_free_loopN: - i = get_free_loop(); - if (i == -1) { - close(ffd); - return -1; /* no free loop devices */ - } - if (i >= 0) { - try = xasprintf(LOOP_FORMAT, i); - goto open_lfd; - } - /* i == -2: no /dev/loop-control. Do an old-style search for a free device */ try = dev; } /* Find a loop device */ /* 0xfffff is a max possible minor number in Linux circa 2010 */ for (i = 0; i <= 0xfffff; i++) { - sprintf(dev, LOOP_FORMAT, i); + if (!*device) { + rc = get_next_free_loop(dev, i); + if (rc == -1) + break; /* no free loop devices (or other error in LOOP_CTL_GET_FREE) */ + if (rc >= 0) + /* /dev/loop-control gave us the next free /dev/loopN */ + goto open_lfd; + /* else: sequential /dev/loopN, needs to be tested/maybe_created */ + } IF_FEATURE_MOUNT_LOOP_CREATE(errno = 0;) if (stat(try, &statbuf) != 0 || !S_ISBLK(statbuf.st_mode)) { if (ENABLE_FEATURE_MOUNT_LOOP_CREATE && errno == ENOENT - && try == dev + && (!*device) ) { /* Node doesn't exist, try to create it */ if (mknod(dev, S_IFBLK|0644, makedev(7, i)) == 0) @@ -179,13 +190,10 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse /* Associate free loop device with file */ if (ioctl(lfd, LOOP_SET_FD, ffd)) { /* Ouch. Are we racing with other mount? */ - if (!*device /* yes */ - && try != dev /* tried a _kernel-offered_ loopN? */ - ) { - free(try); + if (!*device) { close(lfd); //TODO: add "if (--failcount != 0) ..."? - goto get_free_loopN; + continue; } goto close_and_try_next_loopN; } @@ -209,8 +217,6 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse } if (rc == 0) { /* SUCCESS! */ - if (try != dev) /* tried a kernel-offered free loopN? */ - *device = try; /* malloced */ if (!*device) /* was looping in search of free "/dev/loopN"? */ *device = xstrdup(dev); rc = lfd; /* return this */ 
@@ -218,16 +224,6 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse } /* failure, undo LOOP_SET_FD */ ioctl(lfd, LOOP_CLR_FD, 0); // actually, 0 param is unnecessary - } else { - /* device is not free (rc == 0), or error other than ENXIO */ - if (rc == 0 /* device is not free? */ - && !*device /* racing with other mount? */ - && try != dev /* tried a _kernel-offered_ loopN? */ - ) { - free(try); - close(lfd); - goto get_free_loopN; - } } close_and_try_next_loopN: close(lfd); From vda.linux at googlemail.com Mon Dec 12 18:03:06 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Mon, 12 Dec 2022 19:03:06 +0100 Subject: [git commit] loop: simplify code of LOOP_SET_FD failure Message-ID: <20221212181014.28A9D85F96@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=7dc76c9f210b3c66a9c89e6690af7b49f6c540a8 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta set_loop 790 760 -30 Signed-off-by: Xiaoming Ni Signed-off-by: Denys Vlasenko --- libbb/loop.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/libbb/loop.c b/libbb/loop.c index 8e5c915fc..256b7ac90 100644 --- a/libbb/loop.c +++ b/libbb/loop.c @@ -188,13 +188,9 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse /* If device is free, try to claim it */ if (rc && errno == ENXIO) { /* Associate free loop device with file */ - if (ioctl(lfd, LOOP_SET_FD, ffd)) { - /* Ouch. Are we racing with other mount? */ - if (!*device) { - close(lfd); -//TODO: add "if (--failcount != 0) ..."? - continue; - } + rc = ioctl(lfd, LOOP_SET_FD, ffd); + if (rc != 0) { + /* Ouch... race: the device already has a fd */ goto close_and_try_next_loopN; } memset(&loopinfo, 0, sizeof(loopinfo)); From vda.linux at googlemail.com Tue Dec 13 14:12:31 2022 
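Review bot: In the get_next_free_loop() refactor, the search loop in set_loop() now calls `get_next_free_loop(dev, i)` on every iteration while `*device` is NULL, so when get_free_loop() reports -2 (no /dev/loop-control) the probe is repeated for each candidate `i`, up to 0xfffff times, where the old code probed once before the loop. Remember the -2 result after the first call and skip the probe on later iterations. The new helper also formats with `sprintf(dev, LOOP_FORMAT, id)` into a caller buffer whose size it never sees, and `id` can now be whatever number get_free_loop() returned; passing the buffer size and using snprintf would keep the helper safe if it is reused with a different buffer.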
From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 13 Dec 2022 15:12:31 +0100 Subject: [git commit] testsuite/mount.tests: accomodate umount failure seen on 5.18.0 Message-ID: <20221213141315.5BE0285F82@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=9df54deead6845fc38509c412736b47a9a5d5187 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- testsuite/mount.tests | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/testsuite/mount.tests b/testsuite/mount.tests index b6d5ebe08..7370805cd 100755 --- a/testsuite/mount.tests +++ b/testsuite/mount.tests @@ -104,12 +104,24 @@ mount -r -o loop -t ext2 z1/e2img z2 || { echo 'mount -r -o loop error'; e mount -o remount,ro z1 || { echo 'mount -o remount,ro error'; exit 1; } ) umount -d mount.dir/z2 -##losetup -d /dev/loop* +##sleep 0.1 umount -d mount.dir/z1 rm -rf mount.dir echo DONE " \ "DONE\n" "" "" +# On 5.18.0, "umount -d mount.dir/z1" above fails. +# (It would work with "sleep 0.1" - looks like z1/e2img +# is momentarily keeping z1 mountpoint busy, even though +# the "umount" which freed z1/e2img from being the base +# of z2 mountpoint has returned). +# Fixing the mess if it did fail: +if test -d mount.dir/z1; then + ls -ld mount.dir/z1/* mount.dir/z1 + sleep 1 + umount -d mount.dir/z1 + rmdir mount.dir/z1 mount.dir +fi exit $FAILCOUNT From vda.linux at googlemail.com Tue Dec 13 13:26:20 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 13 Dec 2022 14:26:20 +0100 Subject: [git commit] loop: refactor: extract subfunction set_loopdev_params() Message-ID: <20221213141315.53A0486422@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=a1856934ba795f81546f5dd9a14ba4faa757ce52 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Extract subfunction set_loop_info() from set_loop() function old new delta set_loop 760 784 +24 Signed-off-by: Xiaoming Ni 
Signed-off-by: Denys Vlasenko --- libbb/loop.c | 90 ++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 51 insertions(+), 39 deletions(-) diff --git a/libbb/loop.c b/libbb/loop.c index 256b7ac90..424c39216 100644 --- a/libbb/loop.c +++ b/libbb/loop.c @@ -110,6 +110,51 @@ static int get_next_free_loop(char *dev, int id) return loopdevno; } +static int set_loopdev_params(int ffd, + int lfd, const char *file, + unsigned long long offset, + unsigned long long sizelimit, + unsigned flags) +{ + int rc; + bb_loop_info loopinfo; + + rc = ioctl(lfd, BB_LOOP_GET_STATUS, &loopinfo); + + /* If device is free, try to claim it */ + if (rc && errno == ENXIO) { + /* Associate free loop device with file */ + rc = ioctl(lfd, LOOP_SET_FD, ffd); + if (rc != 0) { + /* Ouch... race: the device already has a fd */ + return -1; + } + memset(&loopinfo, 0, sizeof(loopinfo)); + safe_strncpy((char *)loopinfo.lo_file_name, file, LO_NAME_SIZE); + loopinfo.lo_offset = offset; + loopinfo.lo_sizelimit = sizelimit; + /* + * Used by mount to set LO_FLAGS_AUTOCLEAR. + * LO_FLAGS_READ_ONLY is not set because RO is controlled by open type of the file. + * Note that closing LO_FLAGS_AUTOCLEARed lfd before mount + * is wrong (would free the loop device!) + */ + loopinfo.lo_flags = (flags & ~BB_LO_FLAGS_READ_ONLY); + rc = ioctl(lfd, BB_LOOP_SET_STATUS, &loopinfo); + if (rc != 0 && (loopinfo.lo_flags & BB_LO_FLAGS_AUTOCLEAR)) { + /* Old kernel, does not support LO_FLAGS_AUTOCLEAR? */ + /* (this code path is not tested) */ + loopinfo.lo_flags -= BB_LO_FLAGS_AUTOCLEAR; + rc = ioctl(lfd, BB_LOOP_SET_STATUS, &loopinfo); + } + if (rc == 0) + return rc; /* SUCCESS! */ + /* failure, undo LOOP_SET_FD */ + ioctl(lfd, LOOP_CLR_FD, 0); // actually, 0 param is unnecessary + } + return -1; +} + /* Returns opened fd to the loop device, <0 on error. * *device is loop device to use, or if *device==NULL finds a loop device to * mount it on and sets *device to a strdup of that loop device name. 
@@ -119,7 +164,6 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse { char dev[LOOP_NAMESIZE]; char *try; - bb_loop_info loopinfo; struct stat statbuf; int i, lfd, ffd, mode, rc; @@ -183,45 +227,13 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse goto try_next_loopN; } - rc = ioctl(lfd, BB_LOOP_GET_STATUS, &loopinfo); - - /* If device is free, try to claim it */ - if (rc && errno == ENXIO) { - /* Associate free loop device with file */ - rc = ioctl(lfd, LOOP_SET_FD, ffd); - if (rc != 0) { - /* Ouch... race: the device already has a fd */ - goto close_and_try_next_loopN; - } - memset(&loopinfo, 0, sizeof(loopinfo)); - safe_strncpy((char *)loopinfo.lo_file_name, file, LO_NAME_SIZE); - loopinfo.lo_offset = offset; - loopinfo.lo_sizelimit = sizelimit; - /* - * Used by mount to set LO_FLAGS_AUTOCLEAR. - * LO_FLAGS_READ_ONLY is not set because RO is controlled by open type of the file. - * Note that closing LO_FLAGS_AUTOCLEARed lfd before mount - * is wrong (would free the loop device!) - */ - loopinfo.lo_flags = (flags & ~BB_LO_FLAGS_READ_ONLY); - rc = ioctl(lfd, BB_LOOP_SET_STATUS, &loopinfo); - if (rc != 0 && (loopinfo.lo_flags & BB_LO_FLAGS_AUTOCLEAR)) { - /* Old kernel, does not support LO_FLAGS_AUTOCLEAR? */ - /* (this code path is not tested) */ - loopinfo.lo_flags -= BB_LO_FLAGS_AUTOCLEAR; - rc = ioctl(lfd, BB_LOOP_SET_STATUS, &loopinfo); - } - if (rc == 0) { - /* SUCCESS! */ - if (!*device) /* was looping in search of free "/dev/loopN"? */ - *device = xstrdup(dev); - rc = lfd; /* return this */ - break; - } - /* failure, undo LOOP_SET_FD */ - ioctl(lfd, LOOP_CLR_FD, 0); // actually, 0 param is unnecessary + rc = set_loopdev_params(ffd, lfd, file, offset, sizelimit, flags); + if (rc == 0) { + /* SUCCESS! */ + if (!*device) + *device = xstrdup(dev); + break; } - close_and_try_next_loopN: close(lfd); try_next_loopN: rc = -1; From vda.linux at googlemail.com Tue Dec 13 14:21:28 2022 
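Review bot: In the last hunk of the set_loopdev_params() extraction, the success branch in set_loop() loses `rc = lfd; /* return this */`: the replacement is `if (rc == 0) { ... *device = xstrdup(dev); break; }`, so set_loop() leaves the loop with rc == 0 instead of the open loop fd that its header comment promises ("Returns opened fd to the loop device, <0 on error"). Add `rc = lfd;` before the `break`, otherwise callers that keep or close the returned descriptor operate on fd 0 and the real lfd is leaked. The helper's `(int ffd, int lfd, ...)` signature also places two interchangeable ints side by side; a one-line comment saying which is the loop device fd and which is the backing file fd would guard against swapped arguments at call sites.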
From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 13 Dec 2022 15:21:28 +0100 Subject: [git commit] loop: optionally use ioctl(LOOP_CONFIGURE) to set up loopdevs Message-ID: <20221213142236.0E6B586467@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=45734a23515b3e1f2305ad33dc22d1bc69e3cba6 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master LOOP_CONFIGURE is added to Linux 5.8 function old new delta NO_LOOP_CONFIGURE (old code): set_loop 784 782 -2 LOOP_CONFIGURE: set_loop 784 653 -131 TRY_LOOP_CONFIGURE: set_loop 784 811 +27 Based on a patch by Xiaoming Ni Signed-off-by: Denys Vlasenko --- libbb/Config.src | 22 ++++++++++++++++++++++ libbb/loop.c | 52 +++++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 65 insertions(+), 9 deletions(-) diff --git a/libbb/Config.src b/libbb/Config.src index 66a3ffa23..b980f19a9 100644 --- a/libbb/Config.src +++ b/libbb/Config.src @@ -369,3 +369,25 @@ config UNICODE_PRESERVE_BROKEN For example, this means that entering 'l', 's', ' ', 0xff, [Enter] at shell prompt will list file named 0xff (single char name with char value 255), not file named '?'. + +choice + prompt "Use LOOP_CONFIGURE for losetup and loop mounts" + default TRY_LOOP_CONFIGURE + help + LOOP_CONFIGURE is added to Linux 5.8 + https://lwn.net/Articles/820408/ + This allows userspace to completely setup a loop device with a single + ioctl, removing the in-between state where the device can be partially + configured - eg the loop device has a backing file associated with it, + but is reading from the wrong offset. + +config LOOP_CONFIGURE + bool "use LOOP_CONFIGURE, needs kernel >= 5.8" + +config NO_LOOP_CONFIGURE + bool "use LOOP_SET_FD + LOOP_SET_STATUS" + +config TRY_LOOP_CONFIGURE + bool "try LOOP_CONFIGURE, fall back to LOOP_SET_FD + LOOP_SET_STATUS" + +endchoice diff --git a/libbb/loop.c b/libbb/loop.c index 424c39216..e930b1b1f 100644 --- a/libbb/loop.c +++ b/libbb/loop.c 
@@ -110,26 +110,39 @@ static int get_next_free_loop(char *dev, int id) return loopdevno; } -static int set_loopdev_params(int ffd, - int lfd, const char *file, +#if ENABLE_TRY_LOOP_CONFIGURE || ENABLE_LOOP_CONFIGURE +# define LOOP_CONFIGURE 0x4C0A +struct loop_config { + uint32_t fd; + uint32_t block_size; + struct loop_info64 info; + uint64_t __reserved[8]; +}; +#endif + +static int set_loopdev_params(int lfd, + int ffd, const char *file, unsigned long long offset, unsigned long long sizelimit, unsigned flags) { int rc; +#if ENABLE_TRY_LOOP_CONFIGURE || ENABLE_LOOP_CONFIGURE + struct loop_config lconfig; +# define loopinfo lconfig.info +#else bb_loop_info loopinfo; +#endif rc = ioctl(lfd, BB_LOOP_GET_STATUS, &loopinfo); /* If device is free, try to claim it */ if (rc && errno == ENXIO) { - /* Associate free loop device with file */ - rc = ioctl(lfd, LOOP_SET_FD, ffd); - if (rc != 0) { - /* Ouch... race: the device already has a fd */ - return -1; - } +#if ENABLE_TRY_LOOP_CONFIGURE || ENABLE_LOOP_CONFIGURE + memset(&lconfig, 0, sizeof(lconfig)); +#else memset(&loopinfo, 0, sizeof(loopinfo)); +#endif safe_strncpy((char *)loopinfo.lo_file_name, file, LO_NAME_SIZE); loopinfo.lo_offset = offset; loopinfo.lo_sizelimit = sizelimit; 
@@ -140,6 +153,25 @@ static int set_loopdev_params(int ffd, * is wrong (would free the loop device!) */ loopinfo.lo_flags = (flags & ~BB_LO_FLAGS_READ_ONLY); + +#if ENABLE_TRY_LOOP_CONFIGURE || ENABLE_LOOP_CONFIGURE + lconfig.fd = ffd; + rc = ioctl(lfd, LOOP_CONFIGURE, &lconfig); + if (rc == 0) + return rc; /* SUCCESS! */ +# if ENABLE_TRY_LOOP_CONFIGURE + if (errno != EINVAL) + return rc; /* error other than old kernel */ + /* Old kernel, fall through into old way to do it: */ +# endif +#endif +#if ENABLE_TRY_LOOP_CONFIGURE || ENABLE_NO_LOOP_CONFIGURE + /* Associate free loop device with file */ + rc = ioctl(lfd, LOOP_SET_FD, ffd); + if (rc != 0) { + /* Ouch... race: the device already has a fd */ + return rc; + } rc = ioctl(lfd, BB_LOOP_SET_STATUS, &loopinfo); if (rc != 0 && (loopinfo.lo_flags & BB_LO_FLAGS_AUTOCLEAR)) { /* Old kernel, does not support LO_FLAGS_AUTOCLEAR? */ @@ -151,8 +183,10 @@ static int set_loopdev_params(int ffd, return rc; /* SUCCESS! */ /* failure, undo LOOP_SET_FD */ ioctl(lfd, LOOP_CLR_FD, 0); // actually, 0 param is unnecessary +#endif } return -1; +#undef loopinfo } /* Returns opened fd to the loop device, <0 on error. @@ -227,7 +261,7 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse goto try_next_loopN; } - rc = set_loopdev_params(ffd, lfd, file, offset, sizelimit, flags); + rc = set_loopdev_params(lfd, ffd, file, offset, sizelimit, flags); if (rc == 0) { /* SUCCESS! */ if (!*device) From vda.linux at googlemail.com Tue Dec 13 14:52:52 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 13 Dec 2022 15:52:52 +0100 Subject: [git commit] loop: restore the correct return vaule of set_loop() Message-ID: <20221213145325.65F748649E@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=a55bd1c4847dda99cf9e65519ed67f3bcc9786d8 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master It is only used by mount's error path, though... 
Signed-off-by: Denys Vlasenko --- libbb/loop.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libbb/loop.c b/libbb/loop.c index e930b1b1f..ffc8acd39 100644 --- a/libbb/loop.c +++ b/libbb/loop.c @@ -147,10 +147,8 @@ static int set_loopdev_params(int lfd, loopinfo.lo_offset = offset; loopinfo.lo_sizelimit = sizelimit; /* - * Used by mount to set LO_FLAGS_AUTOCLEAR. - * LO_FLAGS_READ_ONLY is not set because RO is controlled by open type of the file. - * Note that closing LO_FLAGS_AUTOCLEARed lfd before mount - * is wrong (would free the loop device!) + * LO_FLAGS_READ_ONLY is not set because RO is controlled + * by open type of the lfd. */ loopinfo.lo_flags = (flags & ~BB_LO_FLAGS_READ_ONLY); @@ -266,6 +264,12 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse /* SUCCESS! */ if (!*device) *device = xstrdup(dev); + /* Note: mount asks for LO_FLAGS_AUTOCLEAR loopdev. + * Closing LO_FLAGS_AUTOCLEARed lfd before mount + * is wrong (would free the loop device!), + * this is why we return without closing it. + */ + rc = lfd; /* return this */ break; } close(lfd); From vda.linux at googlemail.com Tue Dec 13 15:00:00 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 13 Dec 2022 16:00:00 +0100 Subject: [git commit] libbb: shrink del_loop() Message-ID: <20221213150200.16FEF864E5@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=7710250e4a610ae6a4d8f6feb5500f16f82d19f4 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta del_loop 52 49 -3 Signed-off-by: Denys Vlasenko --- libbb/loop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbb/loop.c b/libbb/loop.c index ffc8acd39..95c4a34e2 100644 --- a/libbb/loop.c +++ b/libbb/loop.c 
@@ -71,7 +71,7 @@ int FAST_FUNC del_loop(const char *device) fd = open(device, O_RDONLY); if (fd < 0) - return 1; + return fd; /* -1 */ rc = ioctl(fd, LOOP_CLR_FD, 0); close(fd); From vda.linux at googlemail.com Tue Dec 13 22:21:59 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Tue, 13 Dec 2022 23:21:59 +0100 Subject: [git commit] udhcpc6: remove stray comment Message-ID: <20221213222222.6130786658@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=9898db4c948b9610608a4adda0f1389052c656be branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- networking/udhcp/d6_dhcpc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c index c7f130a70..fd196eb67 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c @@ -890,7 +890,6 @@ int send_d6_release(struct in6_addr *server_ipv6, struct in6_addr *our_cur_ipv6) if (client6_data.ia_pd) opt_ptr = mempcpy(opt_ptr, client6_data.ia_pd, client6_data.ia_pd->len + 2+2); /* Client-id */ -///vda ci = udhcp_find_option(client_data.options, D6_OPT_CLIENTID, /*dhcpv6:*/ 1); if (ci) opt_ptr = mempcpy(opt_ptr, ci->data, D6_OPT_DATA + 2+2 + 6); From vda.linux at googlemail.com Tue Dec 13 23:36:59 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Wed, 14 Dec 2022 00:36:59 +0100 Subject: [git commit] udhcpc6: add some comments Message-ID: <20221213233741.328B586662@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=e977853e70d4a8c346a1ad765fc8353ce0e2ced8 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master RFCs for DHCPv6 are written rather badly... Signed-off-by: Denys Vlasenko --- networking/udhcp/d6_common.h | 41 +++++++++++++++++++++++++++++------------ networking/udhcp/d6_dhcpc.c | 10 ++++++++++ 2 files changed, 39 insertions(+), 12 deletions(-) 
diff --git a/networking/udhcp/d6_common.h b/networking/udhcp/d6_common.h index 9dfde7709..3cbfbb89e 100644 --- a/networking/udhcp/d6_common.h +++ b/networking/udhcp/d6_common.h 
@@ -63,28 +63,45 @@ struct d6_option { #define D6_OPT_CLIENTID 1 #define D6_OPT_SERVERID 2 +/* "Identity Association for Non-temporary Addresses", + * also known as a "network interface" in plain English */ #define D6_OPT_IA_NA 3 -#define D6_OPT_IA_TA 4 +/* "Identity Association for the Temporary Addresses". + * Presumably this is a "network interface with only link-local addresses". + * Why would DHCPv6 server assign such addresses, I have no idea. */ +//#define D6_OPT_IA_TA 4 +/* "IA Address", an IPv6 address */ #define D6_OPT_IAADDR 5 +/* Option "Option Request Option". From the owners of a doggy dog named Dog? */ #define D6_OPT_ORO 6 -#define D6_OPT_PREFERENCE 7 +//#define D6_OPT_PREFERENCE 7 #define D6_OPT_ELAPSED_TIME 8 -#define D6_OPT_RELAY_MSG 9 -#define D6_OPT_AUTH 11 -#define D6_OPT_UNICAST 12 +//#define D6_OPT_RELAY_MSG 9 +//#define D6_OPT_AUTH 11 +/* "The server sends this option to a client to indicate to the client + * that it is allowed to unicast messages to the server." + * Contains IPv6 address to send packets to. */ +//#define D6_OPT_UNICAST 12 +/* "A Status Code option may appear in the options field of a DHCP + * message and/or in the options field of another option." */ #define D6_OPT_STATUS_CODE 13 -#define D6_OPT_RAPID_COMMIT 14 -#define D6_OPT_USER_CLASS 15 -#define D6_OPT_VENDOR_CLASS 16 -#define D6_OPT_VENDOR_OPTS 17 -#define D6_OPT_INTERFACE_ID 18 -#define D6_OPT_RECONF_MSG 19 -#define D6_OPT_RECONF_ACCEPT 20 +/* "A client MAY include this option in a Solicit message if the client + * is prepared to perform the Solicit-Reply message exchange..." */ +//#define D6_OPT_RAPID_COMMIT 14 /* zero-length option */ +//#define D6_OPT_USER_CLASS 15 +//#define D6_OPT_VENDOR_CLASS 16 +//#define D6_OPT_VENDOR_OPTS 17 +//#define D6_OPT_INTERFACE_ID 18 +//#define D6_OPT_RECONF_MSG 19 +//#define D6_OPT_RECONF_ACCEPT 20 #define D6_OPT_DNS_SERVERS 23 #define D6_OPT_DOMAIN_LIST 24 +/* RFC 3633 "Identity Association for Prefix Delegation". 
+ * This option says that client wants to get an IPv6 prefix */ #define D6_OPT_IA_PD 25 +/* Response from the server comes in this one */ #define D6_OPT_IAPREFIX 26 /* RFC 4704 "The DHCPv6 Client FQDN Option" diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c index fd196eb67..9384e4b9c 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c @@ -1617,6 +1617,16 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) prefix_timeout = 0; option = d6_find_option(packet.d6_options, packet_end, D6_OPT_STATUS_CODE); if (option && (option->data[0] | option->data[1]) != 0) { +///FIXME: +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | OPTION_STATUS_CODE | option-len | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// | status-code | | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +// . status-message . +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +// so why do we think it's NAK if data[0] is zero but data[1] is not? That's wrong... +// we should also check that option->len is ok (i.e. not 0), right? /* return to init state */ bb_info_msg("received DHCP NAK (%u)", option->data[4]); d6_run_script(packet.d6_options, From bugzilla at busybox.net Wed Dec 14 11:39:33 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Wed, 14 Dec 2022 11:39:33 +0000 Subject: [Bug 14811] networking/nslookup.c parse_reply() CVE-2022-28391 patch query In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=14811 --- Comment #3 from nikoleta.chalvatzi at atos.net --- Thank you Mark for your effort. Mr. John Simner has retired, and i replaced him. -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Wed Dec 14 15:05:43 2022 
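Review bot: the d6_dhcpc.c hunk of "udhcpc6: add some comments" records a parsing defect in a FIXME instead of fixing it: the code tests option->data[0] and option->data[1] and then prints option->data[4] from a server-supplied D6_OPT_STATUS_CODE option without checking the option's length first, so an option with a zero or short option-len is read beyond its declared data. Add the length check ahead of the `(option->data[0] | option->data[1]) != 0` test, decide whether data[4] is really the byte to report (it is not one of the two bytes being tested), and track the FIXME in a bug so it is not lost in a comments-only commit.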
From: vda.linux at googlemail.com (Denys Vlasenko) Date: Wed, 14 Dec 2022 16:05:43 +0100 Subject: [git commit] more: accept and ignore -e Message-ID: <20221214150555.4D6068666F@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=3636d52cbebe81e306b3571183232f6e8be730d1 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Accept and ignore -e which is specified in POSIX. https://pubs.opengroup.org/onlinepubs/9699919799/utilities/more.html Signed-off-by: Natanael Copa Signed-off-by: Denys Vlasenko --- util-linux/more.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util-linux/more.c b/util-linux/more.c index eea69da06..a830dcbc1 100644 --- a/util-linux/more.c +++ b/util-linux/more.c @@ -84,11 +84,12 @@ int more_main(int argc UNUSED_PARAM, char **argv) /* Parse options */ /* Accepted but ignored: */ /* -d Display help instead of ringing bell */ + /* -e Exit immediately after writing the last line */ /* -f Count logical lines (IOW: long lines are not folded) */ /* -l Do not pause after any line containing a ^L (form feed) */ /* -s Squeeze blank lines into one */ /* -u Suppress underlining */ - getopt32(argv, "dflsu"); + getopt32(argv, "deflsu"); argv += optind; /* Another popular pager, most, detects when stdout From vda.linux at googlemail.com Thu Dec 15 10:49:00 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 15 Dec 2022 11:49:00 +0100 Subject: [git commit] udhcpc6: align FF02__1_2[] Message-ID: <20221215105133.EEFC886714@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=301ef96892939498ceb0a70e1f523ba9a7a7b9c1 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- networking/udhcp/common.h | 3 ++- networking/udhcp/d6_dhcpc.c | 2 +- networking/udhcp/d6_packet.c | 5 ++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h index 5882238e3..49a0b593d 100644 
--- a/networking/udhcp/common.h +++ b/networking/udhcp/common.h @@ -370,7 +370,8 @@ void udhcp_sp_setup(void) FAST_FUNC; void udhcp_sp_fd_set(struct pollfd *pfds, int extra_fd) FAST_FUNC; int udhcp_sp_read(void) FAST_FUNC; -int udhcp_read_interface(const char *interface, int *ifindex, uint32_t *nip, uint8_t *mac) FAST_FUNC; +int udhcp_read_interface(const char *interface, + int *ifindex, uint32_t *nip, uint8_t *mac) FAST_FUNC; int udhcp_listen_socket(/*uint32_t ip,*/ int port, const char *inf) FAST_FUNC; diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c index 9384e4b9c..e49d752e6 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c @@ -548,7 +548,7 @@ static uint8_t *add_d6_client_options(uint8_t *ptr) static int d6_mcast_from_client_data_ifindex(struct d6_packet *packet, uint8_t *end) { /* FF02::1:2 is "All_DHCP_Relay_Agents_and_Servers" address */ - static const uint8_t FF02__1_2[16] = { + static const uint8_t FF02__1_2[16] ALIGNED(sizeof(long)) = { 0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, }; diff --git a/networking/udhcp/d6_packet.c b/networking/udhcp/d6_packet.c index c1949f6e3..aab1a9182 100644 --- a/networking/udhcp/d6_packet.c +++ b/networking/udhcp/d6_packet.c @@ -27,9 +27,8 @@ void FAST_FUNC d6_dump_packet(struct d6_packet *packet) } #endif -int FAST_FUNC d6_recv_kernel_packet(struct in6_addr *peer_ipv6 - UNUSED_PARAM - , struct d6_packet *packet, int fd) +int FAST_FUNC d6_recv_kernel_packet(struct in6_addr *peer_ipv6 UNUSED_PARAM, + struct d6_packet *packet, int fd) { int bytes; From vda.linux at googlemail.com Thu Dec 15 10:51:16 2022 
From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 15 Dec 2022 11:51:16 +0100 Subject: [git commit] udhcpc6: use a different default config script Message-ID: <20221215105134.03E538666C@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=242d0562307549af61b234bff545ca13474a2603 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- networking/udhcp/Config.src | 7 ++++++- networking/udhcp/d6_dhcpc.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/networking/udhcp/Config.src b/networking/udhcp/Config.src index 8c8c11c26..7ba7f48fc 100644 --- a/networking/udhcp/Config.src +++ b/networking/udhcp/Config.src @@ -92,12 +92,17 @@ config FEATURE_UDHCPC_SANITIZEOPT config UDHCPC_DEFAULT_SCRIPT string "Absolute path to config script" default "/usr/share/udhcpc/default.script" - depends on UDHCPC || UDHCPC6 + depends on UDHCPC help This script is called after udhcpc receives an answer. See examples/udhcp for a working example. Normally it is safe to leave this untouched. +config UDHCPC6_DEFAULT_SCRIPT + string "Absolute path to config script for IPv6" + default "/usr/share/udhcpc/default6.script" + depends on UDHCPC6 + # udhcpc6 config is inserted here: INSERT diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c index e49d752e6..cdd06188e 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c @@ -1134,7 +1134,7 @@ static void client_background(void) //usage:#define udhcpc6_full_usage "\n" //usage: "\n -i IFACE Interface to use (default "CONFIG_UDHCPC_DEFAULT_INTERFACE")" //usage: "\n -p FILE Create pidfile" -//usage: "\n -s PROG Run PROG at DHCP events (default "CONFIG_UDHCPC_DEFAULT_SCRIPT")" +//usage: "\n -s PROG Run PROG at DHCP events (default "CONFIG_UDHCPC6_DEFAULT_SCRIPT")" //usage: "\n -B Request broadcast replies" //usage: "\n -t N Send up to N discover packets" //usage: "\n -T SEC Pause between packets (default 3)" 
@@ -1200,7 +1200,7 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) IF_FEATURE_UDHCP_PORT(SERVER_PORT6 = 547;) IF_FEATURE_UDHCP_PORT(CLIENT_PORT6 = 546;) client_data.interface = CONFIG_UDHCPC_DEFAULT_INTERFACE; - client_data.script = CONFIG_UDHCPC_DEFAULT_SCRIPT; + client_data.script = CONFIG_UDHCPC6_DEFAULT_SCRIPT; client_data.sockfd = -1; /* Make sure fd 0,1,2 are open */ From vda.linux at googlemail.com Thu Dec 15 12:34:52 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 15 Dec 2022 13:34:52 +0100 Subject: [git commit] udhcp: add a few comments, no code changes Message-ID: <20221215225809.1987A86723@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=6c2ddf808ed70bf515daf4d073411d86ec043550 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master Signed-off-by: Denys Vlasenko --- networking/udhcp/d6_packet.c | 10 ++++++++++ networking/udhcp/packet.c | 1 + 2 files changed, 11 insertions(+) diff --git a/networking/udhcp/d6_packet.c b/networking/udhcp/d6_packet.c index aab1a9182..142de9b43 100644 --- a/networking/udhcp/d6_packet.c +++ b/networking/udhcp/d6_packet.c 
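Review bot: in the Config.src hunk of "udhcpc6: use a different default config script", the new UDHCPC6_DEFAULT_SCRIPT entry has no help text, and the empty commit message does not say that udhcpc6 stops using /usr/share/udhcpc/default.script by default. After a rebuild, systems that ship only default.script will have udhcpc6 pointing at /usr/share/udhcpc/default6.script, a path that may not exist there, and this script is what runs at every DHCP event. Add a help block like the one under UDHCPC_DEFAULT_SCRIPT and describe the behaviour change in the commit message.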
@@ -80,12 +80,22 @@ int FAST_FUNC d6_send_raw_packet_from_client_data_ifindex( dest_sll.sll_halen = 6; memcpy(dest_sll.sll_addr, dest_arp, 6); +//TODO: is bind() necessary? we sendto() to this destination, should work anyway if (bind(fd, (struct sockaddr *)&dest_sll, sizeof(dest_sll)) < 0) { msg = "bind(%s)"; goto ret_close; } packet.ip6.ip6_vfc = (6 << 4); /* 4 bits version, top 4 bits of tclass */ +// In case we have no IPv6 on our interface at all, we can try +// to fill "all hosts" mcast address as source: +// /* FF02::1 is Link-local "All_Nodes" address */ +// packet.ip6.ip6_dst.s6_addr[0] = 0xff; +// packet.ip6.ip6_dst.s6_addr[1] = 0x02; +// packet.ip6.ip6_dst.s6_addr[15] = 0x01; +// Maybe some servers will be able to respond to us this way? +// Users report that leaving ::0 address there makes servers try to reply to ::0, +// which doesn't work. if (src_ipv6) packet.ip6.ip6_src = *src_ipv6; /* struct copy */ packet.ip6.ip6_dst = *dst_ipv6; /* struct copy */ diff --git a/networking/udhcp/packet.c b/networking/udhcp/packet.c index 78f580ce9..529978189 100644 --- a/networking/udhcp/packet.c +++ b/networking/udhcp/packet.c @@ -133,6 +133,7 @@ int FAST_FUNC udhcp_send_raw_packet(struct dhcp_packet *dhcp_pkt, dest_sll.sll_halen = 6; memcpy(dest_sll.sll_addr, dest_arp, 6); +//TODO: is bind() necessary? we sendto() to this destination, should work anyway if (bind(fd, (struct sockaddr *)&dest_sll, sizeof(dest_sll)) < 0) { msg = "bind(%s)"; goto ret_close; From vda.linux at googlemail.com Thu Dec 15 22:57:27 2022 From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 15 Dec 2022 23:57:27 +0100 Subject: [git commit] udhcpc6: fix binding to network aliases Message-ID: <20221215225809.2261F86724@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=02ca56564628de474f7a59dbdf3a1a8711b5bee7 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master 
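Review bot: in the d6_packet.c hunk of "udhcp: add a few comments, no code changes", the new comment proposes filling the all-nodes multicast address "as source", but the commented-out lines assign packet.ip6.ip6_dst, which is overwritten a few lines further down by `packet.ip6.ip6_dst = *dst_ipv6;`. The problem described (servers replying to ::0) concerns the source field, so the sketch should refer to ip6_src; correct the comment so that whoever picks up this TODO does not copy the wrong field.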
Signed-off-by: Denys Vlasenko --- networking/udhcp/d6_socket.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/networking/udhcp/d6_socket.c b/networking/udhcp/d6_socket.c index 21cf61c6e..acf108367 100644 --- a/networking/udhcp/d6_socket.c +++ b/networking/udhcp/d6_socket.c @@ -95,9 +95,6 @@ int FAST_FUNC d6_read_interface( close(fd); } - if (retval == 0) - return retval; - if (retval & (1<<0)) bb_error_msg("can't get %s", "MAC"); if (retval & (1<<1)) @@ -109,6 +106,7 @@ int FAST_FUNC d6_listen_socket(int port, const char *inf) { int fd; struct sockaddr_in6 addr; + char *colon; log2("opening listen socket on *:%d %s", port, inf); fd = xsocket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP); @@ -117,10 +115,17 @@ int FAST_FUNC d6_listen_socket(int port, const char *inf) if (setsockopt_broadcast(fd) == -1) bb_simple_perror_msg_and_die("SO_BROADCAST"); - /* NB: bug 1032 says this doesn't work on ethernet aliases (ethN:M) */ + /* SO_BINDTODEVICE doesn't work on ethernet aliases (ethN:M) */ + colon = strrchr(inf, ':'); + if (colon) + *colon = '\0'; + if (setsockopt_bindtodevice(fd, inf)) xfunc_die(); /* warning is already printed */ + if (colon) + *colon = ':'; + memset(&addr, 0, sizeof(addr)); addr.sin6_family = AF_INET6; addr.sin6_port = htons(port); From bugzilla at busybox.net Fri Dec 16 23:52:33 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Fri, 16 Dec 2022 23:52:33 +0000 Subject: [Bug 11506] Out of bounds read in udhcp_get_option() In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=11506 --- Comment #7 from Taha Khan --- (In reply to ??? from comment #6) ">asd -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Fri Dec 16 23:54:43 2022 
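Review bot: in the d6_listen_socket() hunk of "udhcpc6: fix binding to network aliases", `colon = strrchr(inf, ':')` stores a pointer into the `const char *inf` argument in a plain `char *`, and `*colon = '\0'` then writes through it, which discards the const qualifier and modifies the caller's interface name in place. That is undefined behaviour if a caller ever passes a name containing ':' that lives in read-only storage, and the temporary truncation is visible to anything else holding the same string. Copy the part before the colon into a local buffer and pass that to setsockopt_bindtodevice(); the later restore of ':' then becomes unnecessary.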
From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Fri, 16 Dec 2022 23:54:43 +0000 Subject: [Bug 11106] `install` command's -D flag doesn't work as intended In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=11106 --- Comment #2 from Taha Khan --- Yes, this has been fixed now https://yt2mp3.id/youtube-to-mp3 -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Sat Dec 17 22:10:47 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Sat, 17 Dec 2022 22:10:47 +0000 Subject: [Bug 15186] New: Allow permissions to be preserved when running as non-root Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15186 Bug ID: 15186 Summary: Allow permissions to be preserved when running as non-root Product: Busybox Version: unspecified Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Standard Compliance Assignee: unassigned at busybox.net Reporter: taaparthur at disroot.org CC: busybox-cvs at busybox.net Target Milestone: --- Created attachment 9421 --> https://bugs.busybox.net/attachment.cgi?id=9421&action=edit Patch to allow permissions to be preserved as non-root Previously we explicitly checked our uid and if it wasn't 0, set ARCHIVE_DONT_RESTORE_PERM flag. There wasn't a lot of info in the commit message and this seems like a bug. This commit effectively reverts ebad0294c9 and adds a test. For my usecase, I built and tar-ed a package and wanted to untar it into a chroot as a non-root user. busybox tar removed the setuid bit so programs like `su` broke. -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Tue Dec 20 14:31:51 2022 
From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Tue, 20 Dec 2022 14:31:51 +0000 Subject: [Bug 15146] xargs: Allow running interactive commands with -o [PATCH] In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15146 --- Comment #1 from Denys Vlasenko --- Buggy. You must not dup2 to stdin, you lose the original input. + if (dup2(*fd, STDIN_FILENO) != 0) + bb_error_msg_and_die("can't read from /dev/tty"); The error message is wrong. Anyway, use xdup2() which never returns failure. + if ((fd = xopen("/dev/tty", O_RDONLY)) == -1) + bb_error_msg_and_die("can't open /dev/tty"); xopen() never returns -1. -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Thu Dec 22 09:38:53 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Thu, 22 Dec 2022 09:38:53 +0000 Subject: [Bug 15146] xargs: Allow running interactive commands with -o [PATCH] In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15146 Denys Vlasenko changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Denys Vlasenko --- Fixed in git. -- You are receiving this mail because: You are on the CC list for the bug. From vda.linux at googlemail.com Thu Dec 22 09:38:08 2022 
From: vda.linux at googlemail.com (Denys Vlasenko) Date: Thu, 22 Dec 2022 10:38:08 +0100 Subject: [git commit] xargs: implement -o, closes 15146 Message-ID: <20221222093909.D679786D2A@busybox.osuosl.org> commit: https://git.busybox.net/busybox/commit/?id=c4d296aa7c71d3dd812497c02c976124b66a0ff9 branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master function old new delta .rodata 105225 105259 +34 d6_listen_socket 150 180 +30 packed_usage 34512 34532 +20 d6_read_interface 595 581 -14 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/1 up/down: 84/-14) Total: 70 bytes Signed-off-by: Denys Vlasenko --- findutils/xargs.c | 85 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 51 insertions(+), 34 deletions(-) diff --git a/findutils/xargs.c b/findutils/xargs.c index 90ff05986..067ef41c5 100644 --- a/findutils/xargs.c +++ b/findutils/xargs.c @@ -111,6 +111,8 @@ struct globals { #endif const char *eof_str; int idx; + int fd_tty; + int fd_stdin; #if ENABLE_FEATURE_XARGS_SUPPORT_PARALLEL int running_procs; int max_procs; 
@@ -140,6 +142,42 @@ struct globals { IF_FEATURE_XARGS_SUPPORT_QUOTES(G.process_stdin__q = '\0';) \ } while (0) +/* Correct regardless of combination of CONFIG_xxx */ +enum { + OPTBIT_VERBOSE = 0, + OPTBIT_NO_EMPTY, + OPTBIT_UPTO_NUMBER, + OPTBIT_UPTO_SIZE, + OPTBIT_EOF_STRING, + OPTBIT_EOF_STRING1, + OPTBIT_STDIN_TTY, + IF_FEATURE_XARGS_SUPPORT_CONFIRMATION(OPTBIT_INTERACTIVE,) + IF_FEATURE_XARGS_SUPPORT_TERMOPT( OPTBIT_TERMINATE ,) + IF_FEATURE_XARGS_SUPPORT_ZERO_TERM( OPTBIT_ZEROTERM ,) + IF_FEATURE_XARGS_SUPPORT_REPL_STR( OPTBIT_REPLSTR ,) + IF_FEATURE_XARGS_SUPPORT_REPL_STR( OPTBIT_REPLSTR1 ,) + + OPT_VERBOSE = 1 << OPTBIT_VERBOSE , + OPT_NO_EMPTY = 1 << OPTBIT_NO_EMPTY , + OPT_UPTO_NUMBER = 1 << OPTBIT_UPTO_NUMBER, + OPT_UPTO_SIZE = 1 << OPTBIT_UPTO_SIZE , + OPT_EOF_STRING = 1 << OPTBIT_EOF_STRING , /* GNU: -e[] */ + OPT_EOF_STRING1 = 1 << OPTBIT_EOF_STRING1, /* SUS: -E */ + OPT_STDIN_TTY = 1 << OPTBIT_STDIN_TTY, + OPT_INTERACTIVE = IF_FEATURE_XARGS_SUPPORT_CONFIRMATION((1 << OPTBIT_INTERACTIVE)) + 0, + OPT_TERMINATE = IF_FEATURE_XARGS_SUPPORT_TERMOPT( (1 << OPTBIT_TERMINATE )) + 0, + OPT_ZEROTERM = IF_FEATURE_XARGS_SUPPORT_ZERO_TERM( (1 << OPTBIT_ZEROTERM )) + 0, + OPT_REPLSTR = IF_FEATURE_XARGS_SUPPORT_REPL_STR( (1 << OPTBIT_REPLSTR )) + 0, + OPT_REPLSTR1 = IF_FEATURE_XARGS_SUPPORT_REPL_STR( (1 << OPTBIT_REPLSTR1 )) + 0, +}; +#define OPTION_STR "+trn:s:e::E:o" \ + IF_FEATURE_XARGS_SUPPORT_CONFIRMATION("p") \ + IF_FEATURE_XARGS_SUPPORT_TERMOPT( "x") \ + IF_FEATURE_XARGS_SUPPORT_ZERO_TERM( "0") \ + IF_FEATURE_XARGS_SUPPORT_REPL_STR( "I:i::") \ + IF_FEATURE_XARGS_SUPPORT_PARALLEL( "P:+") \ + IF_FEATURE_XARGS_SUPPORT_ARGS_FILE( "a:") + /* * Returns 0 if xargs should continue (but may set G.xargs_exitcode to 123). @@ -151,6 +189,9 @@ static int xargs_exec(void) { int status; + if (option_mask32 & OPT_STDIN_TTY) + xdup2(G.fd_tty, STDIN_FILENO); + #if !ENABLE_FEATURE_XARGS_SUPPORT_PARALLEL status = spawn_and_wait(G.args); #else 
@@ -237,6 +278,8 @@ static int xargs_exec(void) ret: if (status != 0) G.xargs_exitcode = status; + if (option_mask32 & OPT_STDIN_TTY) + xdup2(G.fd_stdin, STDIN_FILENO); return status; } @@ -542,6 +585,7 @@ static int xargs_ask_confirmation(void) //usage: IF_FEATURE_XARGS_SUPPORT_ARGS_FILE( //usage: "\n -a FILE Read from FILE instead of stdin" //usage: ) +//usage: "\n -o Reopen stdin as /dev/tty" //usage: "\n -r Don't run command if input is empty" //usage: "\n -t Print the command on stderr before execution" //usage: IF_FEATURE_XARGS_SUPPORT_CONFIRMATION( 
@@ -563,40 +607,6 @@ static int xargs_ask_confirmation(void) //usage: "$ ls | xargs gzip\n" //usage: "$ find . -name '*.c' -print | xargs rm\n" -/* Correct regardless of combination of CONFIG_xxx */ -enum { - OPTBIT_VERBOSE = 0, - OPTBIT_NO_EMPTY, - OPTBIT_UPTO_NUMBER, - OPTBIT_UPTO_SIZE, - OPTBIT_EOF_STRING, - OPTBIT_EOF_STRING1, - IF_FEATURE_XARGS_SUPPORT_CONFIRMATION(OPTBIT_INTERACTIVE,) - IF_FEATURE_XARGS_SUPPORT_TERMOPT( OPTBIT_TERMINATE ,) - IF_FEATURE_XARGS_SUPPORT_ZERO_TERM( OPTBIT_ZEROTERM ,) - IF_FEATURE_XARGS_SUPPORT_REPL_STR( OPTBIT_REPLSTR ,) - IF_FEATURE_XARGS_SUPPORT_REPL_STR( OPTBIT_REPLSTR1 ,) - - OPT_VERBOSE = 1 << OPTBIT_VERBOSE , - OPT_NO_EMPTY = 1 << OPTBIT_NO_EMPTY , - OPT_UPTO_NUMBER = 1 << OPTBIT_UPTO_NUMBER, - OPT_UPTO_SIZE = 1 << OPTBIT_UPTO_SIZE , - OPT_EOF_STRING = 1 << OPTBIT_EOF_STRING , /* GNU: -e[] */ - OPT_EOF_STRING1 = 1 << OPTBIT_EOF_STRING1, /* SUS: -E */ - OPT_INTERACTIVE = IF_FEATURE_XARGS_SUPPORT_CONFIRMATION((1 << OPTBIT_INTERACTIVE)) + 0, - OPT_TERMINATE = IF_FEATURE_XARGS_SUPPORT_TERMOPT( (1 << OPTBIT_TERMINATE )) + 0, - OPT_ZEROTERM = IF_FEATURE_XARGS_SUPPORT_ZERO_TERM( (1 << OPTBIT_ZEROTERM )) + 0, - OPT_REPLSTR = IF_FEATURE_XARGS_SUPPORT_REPL_STR( (1 << OPTBIT_REPLSTR )) + 0, - OPT_REPLSTR1 = IF_FEATURE_XARGS_SUPPORT_REPL_STR( (1 << OPTBIT_REPLSTR1 )) + 0, -}; -#define OPTION_STR "+trn:s:e::E:" \ - IF_FEATURE_XARGS_SUPPORT_CONFIRMATION("p") \ - IF_FEATURE_XARGS_SUPPORT_TERMOPT( "x") \ - IF_FEATURE_XARGS_SUPPORT_ZERO_TERM( "0") \ - IF_FEATURE_XARGS_SUPPORT_REPL_STR( "I:i::") \ - IF_FEATURE_XARGS_SUPPORT_PARALLEL( "P:+") \ - IF_FEATURE_XARGS_SUPPORT_ARGS_FILE( "a:") - int xargs_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int xargs_main(int argc UNUSED_PARAM, char **argv) { 
@@ -726,6 +736,13 @@ int xargs_main(int argc UNUSED_PARAM, char **argv) store_param(argv[i]); } + if (opt & OPT_STDIN_TTY) { + G.fd_tty = xopen(CURRENT_TTY, O_RDONLY); + close_on_exec_on(G.fd_tty); + G.fd_stdin = dup(STDIN_FILENO); + close_on_exec_on(G.fd_stdin); + } + initial_idx = G.idx; while (1) { char *rem; From bugzilla at busybox.net Sun Dec 25 02:46:46 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Sun, 25 Dec 2022 02:46:46 +0000 Subject: [Bug 15206] New: traceroute -I -6 does not function Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15206 Bug ID: 15206 Summary: traceroute -I -6 does not function Product: Busybox Version: 1.35.x Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Networking Assignee: unassigned at busybox.net Reporter: dave-busybox at centerclick.org CC: busybox-cvs at busybox.net Target Milestone: --- The combination of -I and -6 does not work for traceroute. packet6_ok() only hanldes UDP nexthdr not ICMP6. -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Sun Dec 25 03:19:52 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Sun, 25 Dec 2022 03:19:52 +0000 Subject: [Bug 15206] traceroute -I -6 does not function In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15206 --- Comment #1 from dave-busybox at centerclick.org --- Created attachment 9436 --> https://bugs.busybox.net/attachment.cgi?id=9436&action=edit patch to fix -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Sun Dec 25 13:42:49 2022 
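Review bot: in the xargs_main() hunk of "xargs: implement -o", `G.fd_stdin = dup(STDIN_FILENO);` is left unchecked, unlike the xopen() call two lines above it, yet xargs_exec() later depends on the result in `xdup2(G.fd_stdin, STDIN_FILENO)`. If dup() fails, the error only surfaces after the first command has already been run; check the return value at this point and die with a message that names the failure. Separately, the size table in the commit message lists d6_listen_socket and d6_read_interface, which this diff to findutils/xargs.c does not touch, so those numbers look stale.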
From: bugzilla at busybox.net (bugzilla at busybox.net)
Date: Sun, 25 Dec 2022 13:42:49 +0000
Subject: [Bug 15211] New: Segmentation fault in ls -l
Message-ID:

https://bugs.busybox.net/show_bug.cgi?id=15211

Bug ID: 15211
Summary: Segmentation fault in ls -l
Product: Busybox
Version: 1.35.x
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: ja at sdomi.pl
CC: busybox-cvs at busybox.net
Target Milestone: ---

In case of an abnormally high date stored on the fs, busybox's ls -la crashes on trying to display it. I have experienced this when interfacing with an NTFS3 filesystem which has invalid dates stored in some of the file metadata.

```
(gdb) r -la
Starting program: /bin/ls -la
total 2102692
drwxrwxrwx 1 root root 5804032 Dec 25 12:57 .
drwxr-xr-x 6 root root 4096 Dec 25 11:17 ..
-rwxr-xr-x 1 root root 0 Dec 25 00:39 AUTOEXEC.BAT
-rwxr-xr-x 1 root root 0 Dec 25 00:39 CONFIG.SYS
-r-xr-xr-x 1 root root 0 Dec 25 00:39 IO.SYS
-rw-r--r-- 1 domi domi 523500 Dec 25 13:31 LegacyUpdate-1.3.exe

Program received signal SIGSEGV, Segmentation fault.
__asctime_r (tm=0x7ffff7ffd4c0 , buf=0x7ffff7ffdd40 "Wed May 8 04:52:15 23697") at src/time/asctime_r.c:23
23 src/time/asctime_r.c: No such file or directory.
(gdb) bt
#0 __asctime_r (tm=0x7ffff7ffd4c0 , buf=0x7ffff7ffdd40 "Wed May 8 04:52:15 23697") at src/time/asctime_r.c:23
#1 0x00005555555d12c1 in ?? ()
#2 0x00007fffffffe898 in ?? ()
#3 0x0000000000000000 in ?? ()
(gdb)
```

--
You are receiving this mail because:
You are on the CC list for the bug.
From bugzilla at busybox.net Wed Dec 28 08:54:16 2022
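The failure mode reported in bug 15211 above, as an added example (not BusyBox or C library code): the asctime layout is specified for a 26-byte buffer, which only fits four-digit years, so a date like the one in the backtrace needs one byte more. The `struct tm` is constructed from the string shown in the gdb output; all function names and the `(bad date)` placeholder are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define ASCTIME_BUF 26  /* buffer size asctime()/asctime_r() are specified for */
#define ASCTIME_FMT "%.3s %.3s%3d %.2d:%.2d:%.2d %ld\n"
#define BAD_DATE    "(bad date)"

static const char wday_name[7][4] = {
	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
static const char mon_name[12][4] = {
	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

/* Constructed sample: the broken-down time behind
 * "Wed May 8 04:52:15 23697" from the gdb backtrace. */
struct tm tm_from_backtrace(void)
{
	struct tm tm;
	memset(&tm, 0, sizeof tm);
	tm.tm_wday = 3;              /* Wed */
	tm.tm_mon  = 4;              /* May */
	tm.tm_mday = 8;
	tm.tm_hour = 4;
	tm.tm_min  = 52;
	tm.tm_sec  = 15;
	tm.tm_year = 23697 - 1900;
	return tm;
}

/* Render the asctime layout with an explicit size; returns snprintf's count. */
static int render(char *out, size_t len, const struct tm *tm)
{
	return snprintf(out, len, ASCTIME_FMT,
			wday_name[tm->tm_wday], mon_name[tm->tm_mon],
			tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec,
			1900L + tm->tm_year);   /* long: no int overflow */
}

/* Bytes (including the NUL) the asctime layout needs for this tm,
 * or -1 if tm_wday/tm_mon would index outside the name tables. */
int asctime_bytes_needed(const struct tm *tm)
{
	if (tm->tm_wday < 0 || tm->tm_wday > 6 || tm->tm_mon < 0 || tm->tm_mon > 11)
		return -1;
	int n = render(NULL, 0, tm);
	return n < 0 ? -1 : n + 1;
}

/* Bounded replacement: 0 on success; -1 and a placeholder in `out`
 * when the fields are invalid or the text does not fit. */
int format_tm_bounded(const struct tm *tm, char *out, size_t outlen)
{
	int need = asctime_bytes_needed(tm);
	if (outlen == 0)
		return -1;
	if (need < 0 || (size_t)need > outlen) {
		snprintf(out, outlen, "%s", BAD_DATE);
		return -1;
	}
	render(out, outlen, tm);
	return 0;
}

/* Same, starting from a file timestamp; gmtime_r() returns NULL when
 * the year does not fit in struct tm, which must be handled too. */
int format_mtime(time_t t, char *out, size_t outlen)
{
	struct tm tm;
	if (gmtime_r(&t, &tm) == NULL) {
		if (outlen)
			snprintf(out, outlen, "%s", BAD_DATE);
		return -1;
	}
	return format_tm_bounded(&tm, out, outlen);
}

int main(void)
{
	struct tm tm = tm_from_backtrace();
	char small[ASCTIME_BUF], big[64];

	printf("bytes needed: %d (asctime buffer: %d)\n",
	       asctime_bytes_needed(&tm), ASCTIME_BUF);
	printf("26-byte buffer -> rc=%d, \"%s\"\n",
	       format_tm_bounded(&tm, small, sizeof small), small);
	printf("64-byte buffer -> rc=%d, %s",
	       format_tm_bounded(&tm, big, sizeof big), big);
	return 0;
}
```

A listing tool that formats timestamps this way degrades to a placeholder on corrupt file metadata instead of crashing.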
From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Wed, 28 Dec 2022 08:54:16 +0000 Subject: [Bug 15216] New: There is a stack overflower in ash of busybox. Here is asan report. Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15216 Bug ID: 15216 Summary: There is a stack overflower in ash of busybox. Here is asan report. Product: Busybox Version: 1.35.x Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P5 Component: Standard Compliance Assignee: unassigned at busybox.net Reporter: 79167666 at qq.com CC: busybox-cvs at busybox.net Target Milestone: --- Created attachment 9441 --> https://bugs.busybox.net/attachment.cgi?id=9441&action=edit ./busybox_unstripped < poc Discoverer: focu5 at Vlab of Vecentek > ./busybox_unstripped < poc ================================================================= ==1034263==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffffffcdd8 at pc 0x000001352be8 bp 0x7fffffffcc50 sp 0x7fffffffcc48 WRITE of size 8 at 0x7fffffffcdd8 thread T0 #0 0x1352be7 in evaluate_string /home/focus/Desktop/work/target/busybox/shell/math.c:639:21 #1 0x114b813 in ash_arith /home/focus/Desktop/work/target/busybox/shell/ash.c:6030:11 #2 0x113c7b7 in substr_atoi /home/focus/Desktop/work/target/busybox/shell/ash.c:6042:14 #3 0x113c7b7 in subevalvar /home/focus/Desktop/work/target/busybox/shell/ash.c:7160:10 #4 0x112c76a in evalvar /home/focus/Desktop/work/target/busybox/shell/ash.c:7665:6 #5 0x1125a33 in argstr /home/focus/Desktop/work/target/busybox/shell/ash.c:6892:8 #6 0x11172e9 in expandarg /home/focus/Desktop/work/target/busybox/shell/ash.c:8089:2 #7 0x118136f in fill_arglist /home/focus/Desktop/work/target/busybox/shell/ash.c:8810:3 #8 0x10f7bf2 in evalcommand /home/focus/Desktop/work/target/busybox/shell/ash.c:10337:8 #9 0x10e8af8 in evaltree /home/focus/Desktop/work/target/busybox/shell/ash.c:9364:12 #10 0x10403d0 in evalstring /home/focus/Desktop/work/target/busybox/shell/ash.c:13435:7 #11 0x102cb24 in 
ash_main /home/focus/Desktop/work/target/busybox/shell/ash.c:14688:3 #12 0x56f31b in run_applet_no_and_exit /home/focus/Desktop/work/target/busybox/libbb/appletlib.c:1004:23 #13 0x57133c in run_applet_and_exit /home/focus/Desktop/work/target/busybox/libbb/appletlib.c:1022:4 #14 0x571009 in main /home/focus/Desktop/work/target/busybox/libbb/appletlib.c:1182:13 #15 0x7ffff7c43082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16 #16 0x4200dd in _start (/home/focus/Desktop/work/target/busybox/busybox_unstripped+0x4200dd) Address 0x7fffffffcdd8 is located in stack of thread T0 SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/focus/Desktop/work/target/busybox/shell/math.c:639:21 in evaluate_string
==1034263==ABORTING -- You are receiving this mail because: You are on the CC list for the bug. From bugzilla at busybox.net Thu Dec 29 13:50:48 2022 From: bugzilla at busybox.net (bugzilla at busybox.net) Date: Thu, 29 Dec 2022 13:50:48 +0000 Subject: [Bug 15216] There is a stack overflower in ash of busybox. Here is asan report. In-Reply-To: References: Message-ID: https://bugs.busybox.net/show_bug.cgi?id=15216 --- Comment #1 from Ron Yorston --- Created attachment 9446 --> https://bugs.busybox.net/attachment.cgi?id=9446&action=edit shell: avoid segfault on ${0::0/0~09J}. Closes 15216 -- You are receiving this mail because: You are on the CC list for the bug.