Steve Grubb writes:

Hello, I found and patched 2 more bugs. The first is a misplaced semi-colon. The second one is a buffer overflow. I doubt the buffer overflow is triggered in real life. But you never know what those wily hackers are up to. Thanks, Steve Grubb git-svn-id: svn://busybox.net/trunk/busybox@8804 69ca8d6d-28ef-0310-b511-8ec308f3f277
author: andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> 2004-05-05 10:37:49 +0000
committer: andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> 2004-05-05 10:37:49 +0000
commit: afd46d804b5217468b74a7a251b81a7fa195b77e (patch)
tree: 2a6a8e172ed56b1d5083626bf93028ac2678a8e9
parent: 9b91e664a7d0414a3284cb3c2412e4191fabe5c3 (diff)
download: busybox-w32-afd46d804b5217468b74a7a251b81a7fa195b77e.tar.gz
busybox-w32-afd46d804b5217468b74a7a251b81a7fa195b77e.tar.bz2
busybox-w32-afd46d804b5217468b74a7a251b81a7fa195b77e.zip
2 files changed, 3 insertions, 3 deletions
diff --git a/archival/tar.c b/archival/tar.c
index 9d50a101d..efdc46587 100644
--- a/archival/tar.c
+++ b/archival/tar.c
@@ -477,8 +477,8 @@ static inline int writeTarFile(const int tar_fd, const int verboseFlag,
                        dup2(gzipDataPipe[0], 0);
                        close(gzipDataPipe[1]);
-                        if (tbInfo.tarFd != 1);
+                        if (tbInfo.tarFd != 1)
-                        dup2(tbInfo.tarFd, 1);
+                                dup2(tbInfo.tarFd, 1);
                        close(gzipStatusPipe[0]);
                        fcntl(gzipStatusPipe[1], F_SETFD, FD_CLOEXEC);  /* close on exec shows sucess */
diff --git a/coreutils/dos2unix.c b/coreutils/dos2unix.c
index a21ed5bc3..c8cebcec7 100644
--- a/coreutils/dos2unix.c
+++ b/coreutils/dos2unix.c
@@ -64,7 +64,7 @@ static int convert(char *fn, int ConvType)
                c = strlen(tempFn);
                tempFn[c] = '.';
                while(1) {
-                    if (c >=BUFSIZ)
+                    if (c >=BUFSIZ-2)
                        bb_error_msg_and_die("unique name not found");
                    /* Get some semi random stuff to try and make a
                     * random filename based (and in the same dir as)
author	andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277>	2004-05-05 10:37:49 +0000
committer	andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277>	2004-05-05 10:37:49 +0000
commit	afd46d804b5217468b74a7a251b81a7fa195b77e (patch)
tree	2a6a8e172ed56b1d5083626bf93028ac2678a8e9
parent	9b91e664a7d0414a3284cb3c2412e4191fabe5c3 (diff)
download	busybox-w32-afd46d804b5217468b74a7a251b81a7fa195b77e.tar.gz busybox-w32-afd46d804b5217468b74a7a251b81a7fa195b77e.tar.bz2 busybox-w32-afd46d804b5217468b74a7a251b81a7fa195b77e.zip

diff --git a/archival/tar.c b/archival/tar.c index 9d50a101d..efdc46587 100644 --- a/archival/tar.c +++ b/archival/tar.c
@@ -477,8 +477,8 @@ static inline int writeTarFile(const int tar_fd, const int verboseFlag,
477	dup2(gzipDataPipe[0], 0);	477	dup2(gzipDataPipe[0], 0);
478	close(gzipDataPipe[1]);	478	close(gzipDataPipe[1]);
479		479
480	if (tbInfo.tarFd != 1);	480	if (tbInfo.tarFd != 1)
481	dup2(tbInfo.tarFd, 1);	481	dup2(tbInfo.tarFd, 1);
482		482
483	close(gzipStatusPipe[0]);	483	close(gzipStatusPipe[0]);
484	fcntl(gzipStatusPipe[1], F_SETFD, FD_CLOEXEC); /* close on exec shows sucess */	484	fcntl(gzipStatusPipe[1], F_SETFD, FD_CLOEXEC); /* close on exec shows sucess */


diff --git a/coreutils/dos2unix.c b/coreutils/dos2unix.c index a21ed5bc3..c8cebcec7 100644 --- a/coreutils/dos2unix.c +++ b/coreutils/dos2unix.c
@@ -64,7 +64,7 @@ static int convert(char *fn, int ConvType)
64	c = strlen(tempFn);	64	c = strlen(tempFn);
65	tempFn[c] = '.';	65	tempFn[c] = '.';
66	while(1) {	66	while(1) {
67	if (c >=BUFSIZ)	67	if (c >=BUFSIZ-2)
68	bb_error_msg_and_die("unique name not found");	68	bb_error_msg_and_die("unique name not found");
69	/* Get some semi random stuff to try and make a	69	/* Get some semi random stuff to try and make a
70	* random filename based (and in the same dir as)	70	* random filename based (and in the same dir as)