From owner-freebsd-bugs  Thu Jun  7 15: 0:13 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7E09A37B407
	for <freebsd-bugs@hub.freebsd.org>; Thu,  7 Jun 2001 15:00:04 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f57M04L39467;
	Thu, 7 Jun 2001 15:00:04 -0700 (PDT)
	(envelope-from gnats)
Date: Thu, 7 Jun 2001 15:00:04 -0700 (PDT)
Message-Id: <200106072200.f57M04L39467@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: David Malone <dwmalone@maths.tcd.ie>
Subject: Re: bin/27860: sshd caught signal 10
Reply-To: David Malone <dwmalone@maths.tcd.ie>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR bin/27860; it has been noted by GNATS.

From: David Malone <dwmalone@maths.tcd.ie>
To: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
Cc: FreeBSD-gnats-submit@freebsd.org, nectar@freebsd.org
Subject: Re: bin/27860: sshd caught signal 10
Date: Thu, 7 Jun 2001 22:58:19 +0100

 On Mon, Jun 04, 2001 at 05:30:53AM +0900, Yoshihiro Koya wrote:
 > >Description:
 > Too long user name causes sshd to dump core.
 > I tried to make patch. But, I couldn't do it.
 
 I've found the problem - it looks like a reintroduction of a bug
 in getpwent.c. It was originally fixed in versions 1.47 and 1.48
 but the bug was brought back in again with the nsswitch stuff.
 
 I'm testing the patch below which seems to fix the problem. If
 someone can review it for me I'll commit it tomorrow.
 
 Note - MAXLOGNAME includes space for the trailing \0, which the
 key doesn't seem to include - hence the comparison with MAXLOGNAME-1.
 I've tested it with a 16 character username and things seem to work
 as expected.
 
 	David.
 
 
 Index: src/lib/libc/gen/getpwent.c
 ===================================================================
 RCS file: /cvs/FreeBSD-CVS/src/lib/libc/gen/getpwent.c,v
 retrieving revision 1.59
 diff -u -r1.59 getpwent.c
 --- src/lib/libc/gen/getpwent.c	2001/01/24 12:59:22	1.59
 +++ src/lib/libc/gen/getpwent.c	2001/06/07 21:30:34
 @@ -386,7 +386,9 @@
  	case _PW_KEYBYNAME:
  		name = va_arg(ap, const char *);
  		len = strlen(name);
 -		memmove(bf + 1, name, (size_t)MIN(len, MAXLOGNAME));
 +		if (len > MAXLOGNAME - 1)
 +			return NS_NOTFOUND;
 +		memmove(bf + 1, name, len);
  		key.size = len + 1;
  		break;
  	case _PW_KEYBYUID:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message