Re: patch to login, dmesg and obscure

Ronny,

> Hi
> I've discovered some bugs in the BusyBox unstable branch and since it doesn't 
> seem to fixed in the 1.0.0-pre1 release I created a patch with my changes. 
> Description below:
>
>
> * libbb/obscure.c:password_check()
> There was a buffer overflow bug which cased passwd command to segfault when 
> invoked by any other than the superuser.


from libbb/obscure.c:password_check()
        newmono = str_lower(bb_xstrdup(newval)); 

        lenwrap = strlen(old) * 2 + 1; 

        wrapped = (char *) xmalloc(lenwrap); 


wrapped have size(old) * 2 +1. This can`t overflow for rotate check.

> * util-linux/dmesg.c:
> If BusyBox was compiled with -DCONFIG_FEATURE_CLEAN_UP dmesg command segfaults 
> if invoked with the "-n" option. (Due to a free() of an uninitialized 
> pointer).

But,  CONFIG_FEATURE_CLEAN_UP is very not require.

You must add
#ifdef CONFIG_FEATURE_CLEAN_UP
 = NULL;
#endif

To your patch.


> diff -c -p -r busybox-1.00-pre1/libbb/obscure.c 
> t1/busybox-1.00-pre1/libbb/obscure.c

Please add -u option for diff!


--w
vodz