1. 12 Nov, 2013 1 commit
    • Michal Nazarewicz's avatar
      gen_init_cpio: avoid NULL pointer dereference and rework env expanding · c725ee54
      Michal Nazarewicz authored
      getenv() may return NULL if given environment variable does not exist
      which leads to NULL dereference when calling strncat.
      Besides that, the environment variable name was copied to a temporary
      env_var buffer, but this copying can be avoided by simply using the input
      Lastly, the whole loop can be greatly simplified by using the snprintf
      function instead of the playing with strncat.
       By the way, the current implementation allows a recursive variable
       expansion, as in:
         $ echo 'out ${A} out ' | A='a ${B} a' B=b /tmp/a
         out a b a out
       I'm assuming this is just a side effect and not a conscious decision
       (especially as this may lead to infinite loop), but I didn't want to
       change this behaviour without consulting.
       If the current behaviour is deamed incorrect, I'll be happy to send
       a patch without recursive processing.
      Signed-off-by: default avatarMichal Nazarewicz <mina86@mina86.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Jiri Kosina <jkosina@suse.cz>
      Cc: Jesper Juhl <jj@codesealer.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  2. 19 Nov, 2012 1 commit
  3. 25 Oct, 2012 1 commit
    • Kees Cook's avatar
      gen_init_cpio: avoid stack overflow when expanding · 20f1de65
      Kees Cook authored
      Fix possible overflow of the buffer used for expanding environment
      variables when building file list.
      In the extremely unlikely case of an attacker having control over the
      environment variables visible to gen_init_cpio, control over the
      contents of the file gen_init_cpio parses, and gen_init_cpio was built
      without compiler hardening, the attacker can gain arbitrary execution
      control via a stack buffer overflow.
        $ cat usr/crash.list
        file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0
        $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list
        *** buffer overflow detected ***: ./usr/gen_init_cpio terminated
      This also replaces the space-indenting with tabs.
      Patch based on existing fix extracted from grsecurity.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Brad Spengler <spender@grsecurity.net>
      Cc: PaX Team <pageexec@freemail.hu>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  4. 18 Apr, 2011 1 commit
  5. 05 Jan, 2011 1 commit
  6. 29 Dec, 2010 1 commit
  7. 02 Dec, 2010 1 commit
    • Thomas Chou's avatar
      gen_init_cpio: remove leading `/' from file names · 43f901fb
      Thomas Chou authored
      When we extracted the generated cpio archive using "cpio -id" command,
      it complained,
      cpio: Removing leading `/' from member names
      cpio: Removing leading `/' from member names
      cpio: Removing leading `/' from member names
      It is worse with the latest "cpio" or "pax", which tries to overwrite
      the host file system with the leading '/'.
      So the leading '/' of file names should be removed. This is consistent
      with the initramfs come with major distributions such as Fedora or
      Debian, etc.
      Signed-off-by: default avatarThomas Chou <thomas@wytron.com.tw>
      Acked-by: Mike Frysinger<vapier@gentoo.org>
      Signed-off-by: default avatarMichal Marek <mmarek@suse.cz>
  8. 12 Dec, 2009 1 commit
  9. 23 Sep, 2009 1 commit
  10. 03 Dec, 2008 1 commit
    • Sally, Gene's avatar
      kbuild: gen_init_cpio expands shell variables in file names · 3b1ec9fb
      Sally, Gene authored
      Modify gen_init_cpio so that lines that specify files can contain
      what looks like a shell variable that's expanded during processing.
      For example:
         file /sbin/kinit ${RFS_BASE}/usr/src/klibc/kinit/kinit 0755 0 0
      given RFS_BASE is "/some/directory" in the environment
      would be expanded to
         file /sbin/kinit /some/directory/usr/src/klibc/kinit/kinit 0755 0 0
      If several environment variables appear in a line, they are all expanded
      with processing happening from left to right.
      Undefined variables expand to a null string.
      Syntax errors stop processing, letting the existing error handling
      show the user offending line.
      This patch helps embedded folks who frequently create several
      RFS directories and then switch between them as they're tuning
      an initramfs.
      Signed-off-by: gene.sally@timesys.com
      Signed-off-by: default avatarSam Ravnborg <sam@ravnborg.org>
  11. 16 Jul, 2007 1 commit
  12. 11 Feb, 2007 1 commit
  13. 19 Apr, 2006 1 commit
  14. 16 Apr, 2005 1 commit
    • Linus Torvalds's avatar
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds authored
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      Let it rip!