Opened 9 years ago

Closed 9 years ago

#2845 closed defect (wontfix)

extra long command-line crashes ash+system on White Russian 0.9

Reported by: anonymous
Owned by: developers
Priority: lowest
Milestone:
Component: base system
Version:
Keywords: busybox ash buffer overflow
Cc:

Description

While working on script generators producing very long commandlines, I was curious how long a command line could be.

Surprise:

BusyBox v1.00 (2007.01.30-11:42+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (0.9) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------

root@xyz:~# >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxConnection to xyz.wll closed

This is what a running logread -f outputs:

Dec 14 10:50:53 (none) kern.info kernel: attempt to access beyond end of device
Dec 14 10:50:53 (none) kern.info kernel: 1f:02: rw=0, want=1973791, limit=1031
Dec 14 10:50:53 (none) kern.err kernel: SQUASHFS error: sb_bread failed reading  block 0x1e1e1e
Dec 14 10:50:53 (none) kern.err kernel: SQUASHFS error: Unable to read cache block [78787878:1878]
Dec 14 10:50:53 (none) kern.err kernel: SQUASHFS error: Unable to read directory block [78787878:1878]
Dec 14 10:50:53 (none) kern.info kernel: attempt to access beyond end of device
Dec 14 10:50:53 (none) kern.info kernel: 1f:02: rw=0, want=1973791, limit=1031
Dec 14 10:50:53 (none) kern.err kernel: SQUASHFS error: sb_bread failed reading block 0x1e1e1e
[...]

I have not tried this via non-root accounts, but I have seen also a kernel crash related stack dump, which I can't reproduce for the moment. Possibly this depends on length of the command given. Anyway, while ssh logins are still possible, the machine hangs, no program would be startable from dropbear shell and routing is gone also. This behaviour could well be exploitable. Anyone could forward this to the busybox maintainers, please?
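
A triage check for the logread output above, added here as an example and not part of the original ticket or of busybox/OpenWrt: it scans hex fields in kernel log lines for values made of one repeated printable ASCII byte (0x78 is 'x', the filler typed on the command line), then tests the remaining fields against right-shifts of that filler word. The function names and the reading of a shifted match as a scaled copy of the same corrupted value are assumptions.

```python
import re

# Lines copied from the logread output quoted in the ticket.
LOG = [
    "Dec 14 10:50:53 (none) kern.info kernel: 1f:02: rw=0, want=1973791, limit=1031",
    "Dec 14 10:50:53 (none) kern.err kernel: SQUASHFS error: sb_bread failed reading  block 0x1e1e1e",
    "Dec 14 10:50:53 (none) kern.err kernel: SQUASHFS error: Unable to read cache block [78787878:1878]",
]

# Hex fields as they appear in these messages: "0x..." or the first half of "[...:...]".
HEX_FIELD = re.compile(r"(?:0x|\[)([0-9a-fA-F]{6,16})\b")


def repeated_ascii(value):
    """Return the character if value is >= 3 copies of one printable ASCII byte."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if len(raw) >= 3 and len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F:
        return chr(raw[0])
    return None


def triage(lines, max_shift=12):
    """Flag hex fields that look like input filler, directly or after a right shift."""
    values = sorted({int(m, 16) for line in lines for m in HEX_FIELD.findall(line)})
    direct = {v: repeated_ascii(v) for v in values if repeated_ascii(v)}
    findings = [(hex(v), "direct", ch, 0) for v, ch in direct.items()]
    for v in values:
        if v in direct:
            continue
        # Assumption: only fillers already seen verbatim are tested, which
        # avoids ambiguous matches (e.g. '<' >> 9 equals 'x' >> 10).
        for ch in sorted(set(direct.values())):
            word = int.from_bytes(ch.encode() * 4, "big")
            for k in range(1, max_shift + 1):
                if word >> k == v:
                    findings.append((hex(v), "shifted", ch, k))
    return findings


if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding)
```

On the ticket's lines this reports 0x78787878 as four bytes of 'x' and 0x1e1e1e as that same word shifted right by 10, which indicates the filesystem metadata the kernel was reading had been overwritten with command-line characters.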

Change History (3)

comment:1 Changed 9 years ago by florian

  • Resolution set to wontfix
  • Status changed from new to closed

We do not support whiterussian anymore, please try to upgrade to kamikaze, which has a newer busybox version and possibly a bugfix for that case.

comment:2 Changed 9 years ago by anonymous

  • Resolution wontfix deleted
  • Status changed from closed to reopened

You "possibly" have a bugfix for that case? Your reply appears to be just irresponsible tattle.

comment:3 Changed 9 years ago by blogic

  • Priority changed from high to lowest
  • Resolution set to wontfix
  • Status changed from reopened to closed

We do not support whiterussian anymore, please try to upgrade to kamikaze, which has a newer busybox version and possibly a bugfix for that case.
