gww@marduk.UUCP (Gary Winiger) (09/05/87)
Subject: dbm_store fails on first attempt to write .pag file. +Fix Index: libc/gen/ndbm.c 4.3BSD +Fix Description: dbm_store fails when the first .pag write is done. Repeat-By: mkpasswd passwd Fix: The comparison for .pag buffer overflow in additem fails to recognize overflow. This is due to the size_t (of sizeof) being unsigned, thus promoting the comparison to unsigned. The C standard, in C.3.3.4, states: ``... and its type (an unsigned integral type) is size_t.'' Casting sizeof to int resolves this problem at ELXSI. Gary.. {ucbvax!sun,lll-lcc!lll-tis,amdahl!altos86,bridge2}!elxsi!gww --------- cut --------- snip --------- :.,$w diff ------------- *** /tmp/,RCSt1000709 Fri Mar 27 17:12:31 1987 --- ndbm.c Fri Mar 27 17:12:12 1987 *************** *** 1,5 **** --- 1,10 ---- /* * $Log: ndbm.c,v $ + * Revision 1.2 87/03/27 17:08:45 gww + * Cast sizeof to int. This comparison will fail when i1 is < 0 because the + * type of sizeof (according to C standard C.3.3.4) is unsigned thus causing + * the comparison to fail because it is promoted to unsigned. + * * Revision 1.1 87/01/15 15:35:33 gww * Initial revision * *************** *** 11,17 **** */ #if defined(LIBC_SCCS) && !defined(lint) ! static char *ERcsId = "$Header: ndbm.c,v 1.1 87/01/15 15:35:33 gww Exp $ ENIX BSD"; static char sccsid[] = "@(#)ndbm.c 5.3 (Berkeley) 3/9/86"; #endif LIBC_SCCS and not lint --- 16,22 ---- */ #if defined(LIBC_SCCS) && !defined(lint) ! static char *ERcsId = "$Header: ndbm.c,v 1.2 87/03/27 17:08:45 gww Exp $ ENIX BSD"; static char sccsid[] = "@(#)ndbm.c 5.3 (Berkeley) 3/9/86"; #endif LIBC_SCCS and not lint *************** *** 503,509 **** if (i2 > 0) i1 = sp[i2]; i1 -= item.dsize + item1.dsize; ! if (i1 <= (i2+3) * sizeof(short)) return (0); sp[0] += 2; sp[++i2] = i1 + item1.dsize; --- 508,514 ---- if (i2 > 0) i1 = sp[i2]; i1 -= item.dsize + item1.dsize; ! if (i1 <= (i2+3) * (int)sizeof(short)) return (0); sp[0] += 2; sp[++i2] = i1 + item1.dsize;