From 4aca87515a5083ae0e31ce3177189fd43b6d05ac Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 3 Jan 2015 13:58:15 +0100
Subject: patch to Vanilla Tomato 1.28

---
 release/src/router/busybox/libbb/login.c | 185 ++++++++++++++++---------------
 1 file changed, 93 insertions(+), 92 deletions(-)

(limited to 'release/src/router/busybox/libbb/login.c')

diff --git a/release/src/router/busybox/libbb/login.c b/release/src/router/busybox/libbb/login.c
index 3f67a819..b3e199ce 100644
--- a/release/src/router/busybox/libbb/login.c
+++ b/release/src/router/busybox/libbb/login.c
@@ -1,43 +1,28 @@
+/* vi: set sw=4 ts=4: */
 /*
  * issue.c: issue printing code
  *
  * Copyright (C) 2003 Bastian Blank <waldi@tuxbox.org>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
  * Optimize and correcting OCRNL by Vladimir Oleynik <dzo@simtreas.ru>
+ *
+ * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
  */
 
 #include <sys/param.h>  /* MAXHOSTNAMELEN */
-#include <stdio.h>
-#include <unistd.h>
-#include "libbb.h"
-
 #include <sys/utsname.h>
-#include <time.h>
+#include "libbb.h"
 
 #define LOGIN " login: "
 
-static const char fmtstr_d[] = "%A, %d %B %Y";
-static const char fmtstr_t[] = "%H:%M:%S";
+static const char fmtstr_d[] ALIGN1 = "%A, %d %B %Y";
+static const char fmtstr_t[] ALIGN1 = "%H:%M:%S";
 
-void print_login_issue(const char *issue_file, const char *tty)
+void FAST_FUNC print_login_issue(const char *issue_file, const char *tty)
 {
-	FILE *fd;
+	FILE *fp;
 	int c;
-	char buf[256];
+	char buf[256+1];
 	const char *outbuf;
 	time_t t;
 	struct utsname uts;
@@ -47,82 +32,98 @@ void print_login_issue(const char *issue_file, const char *tty)
 
 	puts("\r");	/* start a new line */
 
-	if ((fd = fopen(issue_file, "r"))) {
-		while ((c = fgetc(fd)) != EOF) {
-			outbuf = buf;
-			buf[0] = c;
-			if(c == '\n') {
-				buf[1] = '\r';
-				buf[2] = 0;
-			} else {
-				buf[1] = 0;
-			}
-			if (c == '\\' || c == '%') {
-				c = fgetc(fd);
-				switch (c) {
-					case 's':
-						outbuf = uts.sysname;
-						break;
-
-					case 'n':
-						outbuf = uts.nodename;
-						break;
-
-					case 'r':
-						outbuf = uts.release;
-						break;
-
-					case 'v':
-						outbuf = uts.version;
-						break;
-
-					case 'm':
-						outbuf = uts.machine;
-						break;
-
-					case 'D':
-					case 'o':
-						getdomainname(buf, sizeof(buf));
-						buf[sizeof(buf) - 1] = '\0';
-						break;
-
-					case 'd':
-						strftime(buf, sizeof(buf), fmtstr_d, localtime(&t));
-						break;
-
-					case 't':
-						strftime(buf, sizeof(buf), fmtstr_t, localtime(&t));
-						break;
-
-					case 'h':
-						gethostname(buf, sizeof(buf) - 1);
-						break;
-
-					case 'l':
-						outbuf = tty;
-						break;
-
-					default:
-						buf[0] = c;
-				}
+	fp = fopen_for_read(issue_file);
+	if (!fp)
+		return;
+	while ((c = fgetc(fp)) != EOF) {
+		outbuf = buf;
+		buf[0] = c;
+		buf[1] = '\0';
+		if (c == '\n') {
+			buf[1] = '\r';
+			buf[2] = '\0';
 		}
-			fputs(outbuf, stdout);
+		if (c == '\\' || c == '%') {
+			c = fgetc(fp);
+			switch (c) {
+			case 's':
+				outbuf = uts.sysname;
+				break;
+			case 'n':
+			case 'h':
+				outbuf = uts.nodename;
+				break;
+			case 'r':
+				outbuf = uts.release;
+				break;
+			case 'v':
+				outbuf = uts.version;
+				break;
+			case 'm':
+				outbuf = uts.machine;
+				break;
+			case 'D':
+			case 'o':
+				outbuf = uts.domainname;
+				break;
+			case 'd':
+				strftime(buf, sizeof(buf), fmtstr_d, localtime(&t));
+				break;
+			case 't':
+				strftime(buf, sizeof(buf), fmtstr_t, localtime(&t));
+				break;
+			case 'l':
+				outbuf = tty;
+				break;
+			default:
+				buf[0] = c;
+			}
 		}
-
-		fclose(fd);
-
-		fflush(stdout);
+		fputs(outbuf, stdout);
 	}
+	fclose(fp);
+	fflush(stdout);
 }
 
-void print_login_prompt(void)
+void FAST_FUNC print_login_prompt(void)
 {
-	char buf[MAXHOSTNAMELEN+1];
-
-	gethostname(buf, MAXHOSTNAMELEN);
-	fputs(buf, stdout);
+	char *hostname = safe_gethostname();
 
+	fputs(hostname, stdout);
 	fputs(LOGIN, stdout);
 	fflush(stdout);
+	free(hostname);
 }
 
+/* Clear dangerous stuff, set PATH */
+static const char forbid[] ALIGN1 =
+	"ENV" "\0"
+	"BASH_ENV" "\0"
+	"HOME" "\0"
+	"IFS" "\0"
+	"SHELL" "\0"
+	"LD_LIBRARY_PATH" "\0"
+	"LD_PRELOAD" "\0"
+	"LD_TRACE_LOADED_OBJECTS" "\0"
+	"LD_BIND_NOW" "\0"
+	"LD_AOUT_LIBRARY_PATH" "\0"
+	"LD_AOUT_PRELOAD" "\0"
+	"LD_NOWARN" "\0"
+	"LD_KEEPDIR" "\0";
+
+int FAST_FUNC sanitize_env_if_suid(void)
+{
+	const char *p;
+
+	if (getuid() == geteuid())
+		return 0;
+
+	p = forbid;
+	do {
+		unsetenv(p);
+		p += strlen(p) + 1;
+	} while (*p);
+	putenv((char*)bb_PATH_root_path);
+
+	return 1; /* we indeed were run by different user! */
+}
-- 
cgit v1.2.3-54-g00ecf