Date: Thu, 7 Jun 2001 15:00:04 -0700 (PDT)
Message-Id: <200106072200.f57M04L39467@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: David Malone
Subject: Re: bin/27860: sshd caught signal 10
Reply-To: David Malone

The following reply was made to PR bin/27860; it has been noted by GNATS.

From: David Malone
To: Yoshihiro Koya
Cc: FreeBSD-gnats-submit@freebsd.org, nectar@freebsd.org
Subject: Re: bin/27860: sshd caught signal 10
Date: Thu, 7 Jun 2001 22:58:19 +0100

On Mon, Jun 04, 2001 at 05:30:53AM +0900, Yoshihiro Koya wrote:
> >Description:
> Too long user name causes sshd to dump core.
> I tried to make patch. But, I couldn't do it.

I've found the problem - it looks like a reintroduction of a bug in getpwent.c. It was originally fixed in versions 1.47 and 1.48 but the bug was brought back in again with the nsswitch stuff.

I'm testing the patch below which seems to fix the problem. If someone can review it for me I'll commit it tomorrow.

Note - MAXLOGNAME includes space for the trailing \0, which the key doesn't seem to include - hence the comparison with MAXLOGNAME-1. I've tested it with a 16 character username and things seem to work as expected.

David.

Index: src/lib/libc/gen/getpwent.c =================================================================== RCS file: /cvs/FreeBSD-CVS/src/lib/libc/gen/getpwent.c,v retrieving revision 1.59 diff -u -r1.59 getpwent.c --- src/lib/libc/gen/getpwent.c 2001/01/24 12:59:22 1.59 +++ src/lib/libc/gen/getpwent.c 2001/06/07 21:30:34 @@ -386,7 +386,9 @@ case _PW_KEYBYNAME: name = va_arg(ap, const char *); len = strlen(name); - memmove(bf + 1, name, (size_t)MIN(len, MAXLOGNAME)); + if (len > MAXLOGNAME - 1) + return NS_NOTFOUND; + memmove(bf + 1, name, len); key.size = len + 1; break; case _PW_KEYBYUID:
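
Review bot: the early `return NS_NOTFOUND;` added in the `_PW_KEYBYNAME` case exits in the middle of the `va_arg(ap, ...)` handling, so please confirm that no `va_end(ap)` or other cleanup after the switch is skipped on that path; if there is any, set the result and jump to the common exit instead of returning directly. The bound itself looks right for the removed line's problem: the old code clamped the copy with `MIN(len, MAXLOGNAME)` but still set `key.size = len + 1`, so the key size could exceed what had been written into `bf`, and rejecting over-long names keeps the two in step. Two smaller points: the `MAXLOGNAME - 1` comparison deserves a one-line comment in the code saying that MAXLOGNAME counts the trailing NUL while the key does not, since that reasoning currently lives only in the mail, and style(9) wants the return value parenthesised, i.e. `return (NS_NOTFOUND);`. The hunk does not show the declaration of `bf`, so it is also worth checking that it holds at least MAXLOGNAME bytes, since the copy starts at `bf + 1`.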