When getpwnam() is passed a very large buffer, it will receive a SIGBUS or SIGSEGV. As far as I've looked so far, it appears to manifest itself in __hashpw(), possibly during this macro:

    #define EXPAND(e) e = t; while ( (*t++ = *p++) );

Though I'm no coder, I think the problem might be that in getpwnam, "name" isn't necessarily null terminated. It is defined one byte larger than what is bcopied into it, but the last byte might not be zero.

Fix: If it's really just a null termination problem, add the null. I've not yet recompiled my libraries to test this theory.

How-To-Repeat:

    #include <stdio.h>
    #include <sys/types.h>
    #include <pwd.h>

    /* A long name, as described in the report. */
    char zeename[] = "AVeryLongStringGoesHere";
    struct passwd *gunk;

    int main(void)
    {
        gunk = getpwnam(zeename);   /* crashes with SIGBUS/SIGSEGV on the affected libc */
        return 0;
    }
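The length miscomputation behind this crash, as an added stand-alone C example that is neither the reporter's nor FreeBSD's code: it mirrors the key-building lines from the followup patch below using constructed stand-ins for UT_NAMESIZE and _PW_KEYBYNAME, and shows that the pre-patch form hands the DB layer a key.size larger than the key buffer for the report's test name, while the patched form keeps it in bounds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the libc values; the real ones come from
   <utmp.h> and getpwent.c, which this example does not include. */
#define UT_NAMESIZE 16
#define PW_KEYBYNAME 1
#define KEYBUF_SIZE (UT_NAMESIZE + 1)   /* type byte + at most UT_NAMESIZE chars */

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Builds the hash-DB lookup key for a name into a local buffer and returns
   the value getpwnam() would store in key.size.
   patched == false mirrors the pre-patch code: the copy is clamped to
   UT_NAMESIZE, but key.size still uses the unclamped strlen().
   patched == true mirrors the followup patch: clamp first, then reuse. */
size_t getpwnam_key_size(const char *name, bool patched) {
    unsigned char bf[KEYBUF_SIZE];
    size_t len;

    bf[0] = PW_KEYBYNAME;
    if (patched) {
        len = MIN(strlen(name), UT_NAMESIZE);
        memcpy(bf + 1, name, len);
    } else {
        len = strlen(name);
        memcpy(bf + 1, name, MIN(len, UT_NAMESIZE));
    }
    return len + 1;                 /* key.size = len + 1 */
}

/* True when a key.size value stays within the key buffer; anything larger
   makes the DB layer read past it, which is the fault the report describes. */
bool key_fits(size_t key_size) {
    return key_size <= KEYBUF_SIZE;
}

int main(void) {
    const char *name = "AVeryLongStringGoesHere";   /* from the report */
    size_t before = getpwnam_key_size(name, false);
    size_t after = getpwnam_key_size(name, true);
    printf("pre-patch key.size=%zu fits=%d\n", before, key_fits(before));
    printf("patched   key.size=%zu fits=%d\n", after, key_fits(after));
    return 0;
}
```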
Here's a patch that fixes the bug. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com Index: getpwent.c =================================================================== RCS file: /cvs/freebsd/src/lib/libc/gen/getpwent.c,v retrieving revision 1.44 diff -u -r1.44 getpwent.c --- getpwent.c 1998/02/01 06:16:08 1.44 +++ getpwent.c 1998/10/29 19:09:06 @@ -145,8 +145,8 @@ return((struct passwd *)NULL); bf[0] = _PW_KEYBYNAME; - len = strlen(name); - bcopy(name, bf + 1, MIN(len, UT_NAMESIZE)); + len = MIN(strlen(name), UT_NAMESIZE); + bcopy(name, bf + 1, len); key.data = (u_char *)bf; key.size = len + 1; rval = __hashpw(&key);
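Review bot: the clamp fixes the out-of-bounds key size (key.size = len + 1 previously used the unclamped strlen() even though only MIN(len, UT_NAMESIZE) bytes were copied into bf), but a name longer than UT_NAMESIZE is now silently truncated rather than rejected, so a lookup of an over-long name proceeds as a lookup of its first UT_NAMESIZE characters; consider returning NULL when strlen(name) > UT_NAMESIZE, or at least adding a comment that the truncation is intentional. Note also that, per these lines, the root cause is the key size, not the missing null terminator the report guessed at, so no terminator needs to be added.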
State Changed From-To: open->closed

length computed correctly as per Archie's followup