From owner-freebsd-bugs  Sat Feb 28 16:10:04 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA09333
          for freebsd-bugs-outgoing; Sat, 28 Feb 1998 16:10:04 -0800 (PST)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA09312;
          Sat, 28 Feb 1998 16:10:02 -0800 (PST)
          (envelope-from gnats)
Date: Sat, 28 Feb 1998 16:10:02 -0800 (PST)
Message-Id: <199803010010.QAA09312@hub.freebsd.org>
To: freebsd-bugs
Cc: 
From: NAGAO -abtk- Tadaaki <nagao@cs.titech.ac.jp>
Subject: Re: bin/5345: NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
Reply-To: NAGAO -abtk- Tadaaki <nagao@cs.titech.ac.jp>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/5345; it has been noted by GNATS.

From: NAGAO -abtk- Tadaaki <nagao@cs.titech.ac.jp>
To: freebsd-gnats-submit@freebsd.org, croehrig@house.org
Cc:  Subject: Re: bin/5345: NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
Date: Sun, 01 Mar 1998 09:06:06 +0900 (JST)

 Hello,
 
 I have recently realized the same problem as in PR 5345, and found
 that in /usr/src/lib/libc/gen/getnetgrent.c:_listmatch(), `ptr' went
 beyond a terminating NUL because of the following while-loop:
 
 			while(*ptr != ','  && !isspace(*ptr))
 				ptr++;
 
 The patch attached at the end of this message will fix this problem.
 
 Now, let me explain the cause of the problem in some more detail...
 
 When searching for `zallhosts' within a list `allhosts,zallhosts'
 for example, two pointers `ptr' and `cptr' in _listmatch() eventually
 point to:
 
     a l l h o s t s , z a l l h o s t s NUL ...
                       ^cptr                    ^ptr(beyond the NUL!)
 
 thus a comparison between `glen' (== strlen("zallhosts")) and
 `ptr - cptr':
 
 			if (strncmp(cptr, group, glen) == 0 &&
 					glen == (ptr - cptr))
 				return(1);
 
 unfortunately fails though strncmp() == 0, and _listmatch() returns
 "no match".
 
 Since PR 5610, in fact, was caused by the same bug as above, the
 changes made to close PR 5610 can be backed out when this bug is fixed.
 (actually, I did so when I made the patch below.)
 
 Cheers,
 -- Tada
 NAGAO Tadaaki (nagao@cs.titech.ac.jp)
 Dept. of Computer Science, Tokyo Institute of Technology, Japan.
 
 --- getnetgrent.c.orig	Sun Mar  1 04:27:23 1998
 +++ getnetgrent.c	Sun Mar  1 04:28:09 1998
 @@ -286,21 +286,15 @@
  	while(isspace(*ptr))
  		ptr++;
  
 -	if (strchr(list, ',') == NULL) {
 -		if (strncmp(ptr, group, glen) == 0) {
 +	while (ptr < list + len) {
 +		cptr = ptr;
 +		while(*ptr != ','  && *ptr != '\0' && !isspace(*ptr))
 +			ptr++;
 +		if (strncmp(cptr, group, glen) == 0 &&
 +				glen == (ptr - cptr))
  			return(1);
 -		}
 -	} else {
 -		while (ptr < list + len) {
 -			cptr = ptr;
 -			while(*ptr != ','  && !isspace(*ptr))
 -				ptr++;
 -			if (strncmp(cptr, group, glen) == 0 &&
 -					glen == (ptr - cptr))
 -				return(1);
 -			while(*ptr == ','  || isspace(*ptr))
 -				ptr++;
 -		}
 +		while(*ptr == ','  || isspace(*ptr))
 +			ptr++;
  	}
  
  	return(0);

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message