Date: Sat, 28 Feb 1998 16:10:02 -0800 (PST)
From: NAGAO -abtk- Tadaaki <nagao@cs.titech.ac.jp>
To: freebsd-bugs
Subject: Re: bin/5345: NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
Message-ID: <199803010010.QAA09312@hub.freebsd.org>

The following reply was made to PR bin/5345; it has been noted by GNATS.

From: NAGAO -abtk- Tadaaki <nagao@cs.titech.ac.jp>
To: freebsd-gnats-submit@freebsd.org, croehrig@house.org
Cc:
Subject: Re: bin/5345: NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
Date: Sun, 01 Mar 1998 09:06:06 +0900 (JST)

Hello,

I have recently realized the same problem as in PR 5345, and found
that in /usr/src/lib/libc/gen/getnetgrent.c:_listmatch(), `ptr' went
beyond a terminating NUL because of the following while-loop:

    while(*ptr != ',' && !isspace(*ptr))
        ptr++;

The patch attached at the end of this message will fix this problem.

Now, let me explain the cause of the problem in some more detail...

When searching for `zallhosts' within a list `allhosts,zallhosts' for
example, two pointers `ptr' and `cptr' in _listmatch() eventually
point to:

    a l l h o s t s , z a l l h o s t s NUL ...
                      ^cptr                 ^ptr(beyond the NUL!)

thus a comparison between `glen' (== strlen("zallhosts")) and
`ptr - cptr':

    if (strncmp(cptr, group, glen) == 0 &&
        glen == (ptr - cptr))
        return(1);

unfortunately fails though strncmp() == 0, and _listmatch() returns
"no match".

Since PR 5610, in fact, was caused by the same bug as above, the
changes made to close PR 5610 can be backed out when this bug is
fixed. (actually, I did so when I made the patch below.)

Cheers,
--
Tada
NAGAO Tadaaki (nagao@cs.titech.ac.jp)
Dept. of Computer Science, Tokyo Institute of Technology, Japan.

--- getnetgrent.c.orig Sun Mar 1 04:27:23 1998 +++ getnetgrent.c Sun Mar 1 04:28:09 1998 
@@ -286,21 +286,15 @@ while(isspace(*ptr)) ptr++; - if (strchr(list, ',') == NULL) { - if (strncmp(ptr, group, glen) == 0) { + while (ptr < list + len) { + cptr = ptr; + while(*ptr != ',' && *ptr != '\0' && !isspace(*ptr)) + ptr++; + if (strncmp(cptr, group, glen) == 0 && + glen == (ptr - cptr)) return(1); - } - } else { - while (ptr < list + len) { - cptr = ptr; - while(*ptr != ',' && !isspace(*ptr)) - ptr++; - if (strncmp(cptr, group, glen) == 0 && - glen == (ptr - cptr)) - return(1); - while(*ptr == ',' || isspace(*ptr)) - ptr++; - } + while(*ptr == ',' || isspace(*ptr)) + ptr++; } return(0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
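
Review bot: in the rewritten token scan, `while(*ptr != ',' && *ptr != '\0' && !isspace(*ptr))`, the inner loop now stops on a NUL while the enclosing loop stops on `ptr < list + len`, so two different conditions decide where the list ends. The definition of `len` is not visible in this hunk; if it can ever be shorter than the NUL-terminated string, the inner scan and the trailing `while(*ptr == ',' || isspace(*ptr))` skip can still walk past `list + len`. Consider adding `ptr < list + len` to both inner loops so the bound is enforced in one way throughout. Separately, every `isspace(*ptr)` call here receives a plain `char`; casting to `unsigned char` avoids undefined behaviour for bytes with the high bit set. A short comment above the loop noting that the single-entry special case (the `strchr(list, ',') == NULL` branch being removed) is now covered by the NUL check would help later readers.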
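
The failure described in the message above can be reproduced outside libc. The following is an added example, not code from the message or from FreeBSD: `listmatch()`, its `stop_at_nul` switch and the padded `sample` buffer are hypothetical names and constructed data, and the unpatched branch models only the token loop quoted in the message (without the PR 5610 special case).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the list from the message, then padding ending in a
 * comma so the unpatched scan stays inside this array when it runs past the
 * NUL (inside libc it would read whatever happens to follow the string). */
static const char sample[] = "allhosts,zallhosts\0" "xx,";
#define SAMPLE_LEN 18 /* strlen("allhosts,zallhosts") */

/* Search a comma/space separated list for `group`. stop_at_nul == 0 uses the
 * unpatched token scan; stop_at_nul == 1 uses the patched one. */
static int listmatch(const char *list, size_t len, const char *group,
                     int stop_at_nul)
{
    const char *ptr = list, *cptr;
    size_t glen = strlen(group);

    while (isspace((unsigned char)*ptr))
        ptr++;
    while (ptr < list + len) {
        cptr = ptr;
        while (*ptr != ',' && !(stop_at_nul && *ptr == '\0') &&
               !isspace((unsigned char)*ptr))
            ptr++;      /* unpatched: the last token swallows the NUL */
        if (strncmp(cptr, group, glen) == 0 &&
            glen == (size_t)(ptr - cptr))
            return 1;
        while (*ptr == ',' || isspace((unsigned char)*ptr))
            ptr++;
    }
    return 0;
}

int main(void)
{
    printf("unpatched zallhosts: %d\n",
           listmatch(sample, SAMPLE_LEN, "zallhosts", 0));
    printf("patched   zallhosts: %d\n",
           listmatch(sample, SAMPLE_LEN, "zallhosts", 1));
    return 0;
}
```

Only the final entry of a list is affected, which is why `allhosts` still matches with the unpatched scan while `zallhosts` does not.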