Re: [PATCH] Re: Possible Vulnerability in httpd.c

2016-11-21 Thread Denys Vlasenko
On Mon, Nov 21, 2016 at 8:18 PM, Simon Rettberg wrote: > On Mon, 21 Nov 2016 20:37:14 +0200 > Timo Teras wrote: >> >> It is still good practice to fill it with snprintf. If this is done, >> proper error checking should be done to check the

RE: copying multiple files

2016-11-21 Thread Cathey, Jim
So you've written a shell script that relies upon non-POSIX behavior, specifically GNU bash extensions, and it doesn't work in POSIX-ey ash. No big surprise. You will have to do it differently, or install bash on your target. Same dilemma everybody else faces when dealing with 'small' targets.

[PATCH 1/2] patch: fix debug log failure

2016-11-21 Thread Aaro Koskinen
If we reach the end of plist it means the input still has data while we are expecting EOF. Fix the log to avoid a crash. Signed-off-by: Aaro Koskinen --- editors/patch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/editors/patch.c b/editors/patch.c

[PATCH 2/2] patch: fix matching failure

2016-11-21 Thread Aaro Koskinen
Fix matching failure when plist is advanced while checking for buffered lines - the lines in the hunk that are about to be added should be skipped when checking for matching context. Also add a valid test case that fails with current busybox and is fixed by the change. Signed-off-by: Aaro

Re: copying multiple files

2016-11-21 Thread Ralf Friedl
David Henderson wrote: Good afternoon. I have several files in two different directories that I'm trying to copy in a destination using: cp -f /tmp/test/{a.txt,b.txt,c.txt} /tmp/test2/{1.txt,2.txt,3.txt} /tmp/dest This keeps failing. Is this implemented in BB? In general, and here in

Re: copying multiple files

2016-11-21 Thread David Henderson
Thanks again for your continued help Grant. Unfortunately the file names are not actually similar as in the example (e.g. help.txt, world.png, ...) so using braces won't help either. Any other thoughts? Currently I'm forced to use a combination of find and cp - ugh - just to reduce the number

Re: sed bug ?

2016-11-21 Thread Rob Landley
On 11/20/2016 03:47 PM, Denys Vlasenko wrote: > On Thu, Nov 17, 2016 at 10:56 AM, Timo Teras wrote: >> Hi, >> >> The following discrepancy happens on 1.25.1 (and git master) with musl >> c-library: >> >> ~ $ echo /usr/lib/ | sed 's,\(^/\|\)[^/][^/]*,..,g' >> ../../ >> >> ~ $

Re: copying multiple files

2016-11-21 Thread Grant Edwards
On 2016-11-21, David Henderson wrote: > On 11/21/16, Grant Edwards wrote: >> On 2016-11-21, David Henderson wrote: >> >>> cp -f /tmp/test/{a.txt,b.txt,c.txt} /tmp/test2/{1.txt,2.txt,3.txt} /tmp/dest >> >>> This

Re: copying multiple files

2016-11-21 Thread David Henderson
Hey Grant, thanks for the reply! Unfortunately that command will just echo what you type to the screen, not actually copy anything. Any other thoughts? Thanks, Dave On 11/21/16, Grant Edwards wrote: > On 2016-11-21, David Henderson

Re: copying multiple files

2016-11-21 Thread Grant Edwards
On 2016-11-21, David Henderson wrote: > Good afternoon. I have several files in two different directories > that I'm trying to copy in a destination using: > > cp -f /tmp/test/{a.txt,b.txt,c.txt} /tmp/test2/{1.txt,2.txt,3.txt} /tmp/dest > > This keeps failing. Is

copying multiple files

2016-11-21 Thread David Henderson
Good afternoon. I have several files in two different directories that I'm trying to copy in a destination using: cp -f /tmp/test/{a.txt,b.txt,c.txt} /tmp/test2/{1.txt,2.txt,3.txt} /tmp/dest This keeps failing. Is this implemented in BB? Thanks, Dave

Re: [PATCH] Re: Possible Vulnerability in httpd.c

2016-11-21 Thread Simon Rettberg
On Mon, 21 Nov 2016 20:37:14 +0200 Timo Teras wrote: > > It is still good practice to fill it with snprintf. If this is done, > proper error checking should be done to check the final 'len' that it > does not exceed IOBUF_SIZE or you have information leak bug (since >

Re: [PATCH] Re: Possible Vulnerability in httpd.c

2016-11-21 Thread Mattias Schlenker
On 21.11.2016 at 18:08, walter harms wrote: the only reason we need to buffer everything is because of IE whatever. Can someone confirm that this is still needed? AFAIK this was a valid issue until IE6. IE versions 7 and up should have no problems with headers plus small HTML page in one

Re: [PATCH] Re: Possible Vulnerability in httpd.c

2016-11-21 Thread Timo Teras
On Mon, 21 Nov 2016 18:08:39 +0100 walter harms wrote: > but I have another question, based on the comments in the code: > > * The arguments are combined and sent as one write operation. Note > that > * IE will puke big-time if the headers are not sent in one packet > and the

Re: [PATCH] Re: Possible Vulnerability in httpd.c

2016-11-21 Thread walter harms
Nice, but I have another question, based on the comments in the code: * The arguments are combined and sent as one write operation. Note that * IE will puke big-time if the headers are not sent in one packet and the * second packet is delayed for any reason. the only reason we need to

[PATCH] Re: Possible Vulnerability in httpd.c

2016-11-21 Thread Jody Bruchon
On 2016-11-21 09:53, Raphael de Carvalho Muniz wrote: We understand that the resulting program may have vulnerabilities when the macro "#if ENABLE_FEATURE_HTTPD_RANGES" is enabled, due to the use of the sprintf() function. According to the CWE Project, it is classified as CWE-134, where

Possible Vulnerability in httpd.c

2016-11-21 Thread Raphael de Carvalho Muniz
Dear Developers, I am a Computer Science Ph.D. student at the Federal University of Campina Grande - Brazil, advised by Rohit Gheyi. We are investigating weaknesses in source code applied to configurable systems to identify whether they may be vulnerabilities of the system. We found in the commit