From owner-cvs-all  Thu Dec 17 08:58:01 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA18765
          for cvs-all-outgoing; Thu, 17 Dec 1998 08:54:51 -0800 (PST)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA18754;
          Thu, 17 Dec 1998 08:54:46 -0800 (PST)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id RAA21327;
	Thu, 17 Dec 1998 17:54:36 +0100 (CET)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id RAA93792;
	Thu, 17 Dec 1998 17:54:35 +0100 (MET)
Message-ID: <19981217175430.B93539@follo.net>
Date: Thu, 17 Dec 1998 17:54:30 +0100
From: Eivind Eklund <eivind@yes.no>
To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/lib/libc/gen getpwent.c
References: <199812171631.IAA26960@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199812171631.IAA26960@freefall.freebsd.org>; from Eivind Eklund on Thu, Dec 17, 1998 at 08:31:03AM -0800
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On Thu, Dec 17, 1998 at 08:31:03AM -0800, Eivind Eklund wrote:
> eivind      1998/12/17 08:31:02 PST
> 
>   Modified files:
>     lib/libc/gen         getpwent.c 
>   Log:
>   Restore old semantics (broken in rev 1.47's buffer overflow fix).

There have previously been two attempts to fix this problem by
truncation.  None of them have been quite right - the two-line fixup
of the fix was done by one FreeBSD committer and reviewed by another,
and still was wrong (no longer overflowable, but wrong semantics).

This illustrate a point I have made repeatedly, both on Bugtraq and in
various *BSD-lists: Truncation is usually wrong.  If you are on an
error path, look for some way to get a correct error return instead of
truncating.  In this case, it was trivial.  In some cases it isn't
(but remember - abort() is a usable error return, too), and truncation
is the only option - but don't reach for it as your first tool.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message