From owner-freebsd-bugs Thu Apr 8 6:42: 3 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id C43F6159A8 for ; Thu, 8 Apr 1999 06:42:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.2/8.9.2) id GAA50885; Thu, 8 Apr 1999 06:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 1ADF4150E4; Thu, 8 Apr 1999 06:39:19 -0700 (PDT) Message-Id: <19990408133919.1ADF4150E4@hub.freebsd.org> Date: Thu, 8 Apr 1999 06:39:19 -0700 (PDT) From: rpb@community.net.uk To: freebsd-gnats-submit@freebsd.org X-Send-Pr-Version: www-1.0 Subject: misc/11024: getpwnam(3) uses incorrect #define to limit username length Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 11024 >Category: misc >Synopsis: getpwnam(3) uses incorrect #define to limit username length >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Apr 8 06:40:01 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Ray Bellis >Release: 2.2.x, 3.x >Organization: community internet plc >Environment: >Description: The getpwnam(3) library call compares against UT_NAMESIZE (8 in 2.x, 16 in 3.x). Shouldn't UT_NAMESIZE be used just to indicate the maximum characters stored in a UTMP entry, rather than to limit the allowable size of username? That's what #defines like 'MAXLOGNAME' are supposed to represent, and indeed many programs and library calls such as getlogin(3) use MAXLOGNAME in this way. >How-To-Repeat: >Fix: modify getpwnam(3) et al to honour MAXLOGNAME - 1 instead of UT_NAMESIZE Also (3.1-stable) include/stdio.h lib/libc/gen/pwcache.c release/sysinstall/sysinstall/user.c usr.bin/chpass/pw_yp.c usr.bin/finger/finger.c (maybe?) usr.bin/login/login.c I've found about another 10 places where programs will produce unexpected output if UT_NAMESIZE isn't actually big enough to hold MAXLOGNAME - 1 characters, as was the case in FreeBSD 2.x >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message