Date: Thu, 7 Jun 2001 15:00:04 -0700 (PDT) From: David Malone <dwmalone@maths.tcd.ie> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/27860: sshd caught signal 10 Message-ID: <200106072200.f57M04L39467@freefall.freebsd.org>
The following reply was made to PR bin/27860; it has been noted by GNATS. From: David Malone <dwmalone@maths.tcd.ie> To: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp> Cc: FreeBSD-gnats-submit@freebsd.org, nectar@freebsd.org Subject: Re: bin/27860: sshd caught signal 10 Date: Thu, 7 Jun 2001 22:58:19 +0100 On Mon, Jun 04, 2001 at 05:30:53AM +0900, Yoshihiro Koya wrote: > >Description: > Too long user name causes sshd to dump core. > I tried to make patch. But, I couldn't do it. I've found the problem - it looks like a reintroduction of a bug in getpwent.c. It was originally fixed in versions 1.47 and 1.48 but the bug was brought back in again with the nsswitch stuff. I'm testing the patch below which seems to fix the problem. If someone can review it for me I'll commit it tomorrow. Note - MAXLOGNAME includes space for the trailing \0, which the key doesn't seem to include - hence the comparison with MAXLOGNAME-1. I've tested it with a 16 character username and things seem to work as expected. David. Index: src/lib/libc/gen/getpwent.c =================================================================== RCS file: /cvs/FreeBSD-CVS/src/lib/libc/gen/getpwent.c,v retrieving revision 1.59 diff -u -r1.59 getpwent.c --- src/lib/libc/gen/getpwent.c 2001/01/24 12:59:22 1.59 +++ src/lib/libc/gen/getpwent.c 2001/06/07 21:30:34 @@ -386,7 +386,9 @@ case _PW_KEYBYNAME: name = va_arg(ap, const char *); len = strlen(name); - memmove(bf + 1, name, (size_t)MIN(len, MAXLOGNAME)); + if (len > MAXLOGNAME - 1) + return NS_NOTFOUND; + memmove(bf + 1, name, len); key.size = len + 1; break; case _PW_KEYBYUID: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
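Review bot: the new bound in the _PW_KEYBYNAME case has no comment explaining why it is MAXLOGNAME - 1, and `memmove(bf + 1, name, len)` is only safe if bf holds at least MAXLOGNAME bytes, which this hunk does not show. Since the cover note says this bug was fixed once before and then reintroduced, a one-line comment above the check would help (MAXLOGNAME counts the trailing \0, the key does not). If bf is a local array, comparing len against its size, for example `if (len > sizeof(bf) - 1)`, would tie the check to the buffer it protects rather than to a constant that merely happens to match. Two smaller points: style(9) wants the return value parenthesised, `return (NS_NOTFOUND);`, and the `(size_t)` cast from the removed memmove line is gone, which is fine only if len is already declared as size_t. Rejecting over-long names instead of truncating them also changes behaviour: the removed line looked up a truncated key, while the new code reports not found, which seems the right result but is worth stating in the commit message.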