Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libc/gen Just return an error if we try to look up a use...
details: https://anonhg.NetBSD.org/src/rev/aca38c8a1eb9
branches: trunk
changeset: 522201:aca38c8a1eb9
user: mycroft <mycroft%NetBSD.org@localhost>
date: Tue Feb 12 18:58:04 2002 +0000
description:
Just return an error if we try to look up a user name that's too long, rather
than trying to truncate. The previous truncation code actually set key.size
too large and caused a (non-exploitable) core dump inside DB.
diffstat:
lib/libc/gen/getpwent.c | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
diffs (45 lines):
diff -r 90043cdc56bd -r aca38c8a1eb9 lib/libc/gen/getpwent.c
--- a/lib/libc/gen/getpwent.c Tue Feb 12 16:32:39 2002 +0000
+++ b/lib/libc/gen/getpwent.c Tue Feb 12 18:58:04 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: getpwent.c,v 1.48 2000/10/03 03:22:26 enami Exp $ */
+/* $NetBSD: getpwent.c,v 1.49 2002/02/12 18:58:04 mycroft Exp $ */
/*
* Copyright (c) 1988, 1993
@@ -39,7 +39,7 @@
#if 0
static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
#else
-__RCSID("$NetBSD: getpwent.c,v 1.48 2000/10/03 03:22:26 enami Exp $");
+__RCSID("$NetBSD: getpwent.c,v 1.49 2002/02/12 18:58:04 mycroft Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@@ -406,7 +406,8 @@
DBT key;
char bf[/*CONSTCOND*/ MAX(MAXLOGNAME, sizeof(_pw_keynum)) + 1];
uid_t uid;
- int search, len, rval;
+ size_t len;
+ int search, rval;
const char *name;
if (!_pw_db && !__initdb())
@@ -425,12 +426,14 @@
case _PW_KEYBYNAME:
name = va_arg(ap, const char *);
len = strlen(name);
- memmove(bf + 1, name, (size_t)MIN(len, MAXLOGNAME));
+ if (len > MAXLOGNAME)
+ return NS_NOTFOUND;
+ memmove(bf + 1, name, len);
key.size = len + 1;
break;
case _PW_KEYBYUID:
uid = va_arg(ap, uid_t);
- memmove(bf + 1, &uid, sizeof(len));
+ memmove(bf + 1, &uid, sizeof(uid));
key.size = sizeof(uid) + 1;
break;
default:
Home |
Main Index |
Thread Index |
Old Index