[BusyBox] Re: busybox-cvs Digest, Vol 28, Issue 19
Vladimir N. Oleynik
dzo at simtreas.ru
Thu Jul 21 08:33:05 UTC 2005
busybox-cvs-request at busybox.net wrote:
> Message: 6
> Subject: [BusyBox-cvs] svn commit: trunk/busybox/shell
> To: busybox-cvs at busybox.net
>
> Log:
> applying fix for:
> 0000261: Unsafe empty env var export in ash
>
>
> Modified:
> trunk/busybox/shell/ash.c
>
>
> Changeset:
> Modified: trunk/busybox/shell/ash.c
> ===================================================================
> --- trunk/busybox/shell/ash.c 2005-07-20 19:13:21 UTC (rev 10880)
> +++ trunk/busybox/shell/ash.c 2005-07-20 19:18:45 UTC (rev 10881)
> @@ -12001,9 +12001,8 @@
> }
> INTOFF;
> p = mempcpy(nameeq = ckmalloc(namelen + vallen + 2), name, namelen);
> - *p++ = '\0';
> + *p++ = '=';
> if (vallen) {
> - p[-1] = '=';
> p = mempcpy(p, val, vallen);
> }
> *p = '\0';
Yes. Such problem was present. But patch is not correct.
"\0\0" have special case.
True patch is:
p = mempcpy(nameeq = ckmalloc(namelen + vallen + 2), name, namelen);
*p++ = '\0';
- if (vallen) {
+ if (val) {
p[-1] = '=';
p = mempcpy(p, val, vallen);
}
*p = '\0';
Please!
Whether it is possible to add in FAQ the item containing about the following:
A: I have found a problem in applet XXX
Q: Check up, whether there is a problem in the original program from
which the port has been created. If this problem there is present,
address to the original author.
For example, this patch already as dash_0.5.2-6.diff from dash maintainer.
--w
vodz
More information about the busybox
mailing list