>Number:         3427
>Category:       bin
>Synopsis:       sizeof() problems in cron
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr  1 02:20:01 1997
>Last-Modified:
>Originator:     Simon Burge
>Organization:
	Telstra Corp, Ltd.
>Release:        NetBSD-current April 1, 1997
>Environment:
	NetBSD mona 1.2C NetBSD 1.2C (MONA) #1: Mon Mar 10 12:59:43 EST 1997     simonb@mona:/slab/0/src/sys/arch/pmax/compile/MONA pmax
>Description:
	The sizeof() operator is used incorrectly in buffer size
	calculations.  I'm really not sure what the defined behaviour
	of sizeof(variable - 1) is...
>How-To-Repeat:
	crontab -l -u <username>
>Fix:
        Here's a diff.  I don't know if any other buffer size checks in
        other programs were made around the same time, but it may be
        worth checking up.

diff -ur /ftp/pub/NetBSD/NetBSD-current/src/usr.sbin/cron/crontab.c crontab.c
--- /ftp/pub/NetBSD/NetBSD-current/src/usr.sbin/cron/crontab.c	Thu Mar 13 22:25:00 1997
+++ crontab.c	Tue Apr  1 18:15:05 1997
@@ -171,7 +171,7 @@
 					ProgramName, optarg);
 				exit(ERROR_EXIT);
 			}
-			(void) strncpy(User, optarg, sizeof(User - 1));
+			(void) strncpy(User, optarg, sizeof(User) - 1);
 			User[sizeof(User) - 1] = '\0';
 			break;
 		case 'l':
diff -ur /ftp/pub/NetBSD/NetBSD-current/src/usr.sbin/cron/env.c env.c
--- /ftp/pub/NetBSD/NetBSD-current/src/usr.sbin/cron/env.c	Thu Mar 13 22:25:00 1997
+++ env.c	Tue Apr  1 18:42:51 1997
@@ -152,7 +152,7 @@
 				if (val[len-1] == val[0]) {
 					val[len-1] = '\0';
 					(void) strncpy(val, val+1,
-					    sizeof(val - 1));
+					    sizeof(val) - 1);
 					val[sizeof(val) - 1] = '\0';
 				}
 			}
>Audit-Trail:
>Unformatted: