gww@marduk.UUCP (Gary Winiger) (09/05/87)
Subject: dbm_store fails on first attempt to write .pag file. +Fix
Index: libc/gen/ndbm.c 4.3BSD +Fix
Description:
dbm_store fails when the first .pag write is done.
Repeat-By:
mkpasswd passwd
Fix:
The comparison for .pag buffer overflow in additem fails to
recognize overflow. This is due to the size_t (of sizeof) being
unsigned, thus promoting the comparison to unsigned. The C
standard, in C.3.3.4, states:
``... and its type (an unsigned integral type) is size_t.''
Casting sizeof to int resolves this problem at ELXSI.
Gary..
{ucbvax!sun,lll-lcc!lll-tis,amdahl!altos86,bridge2}!elxsi!gww
--------- cut --------- snip --------- :.,$w diff -------------
*** /tmp/,RCSt1000709 Fri Mar 27 17:12:31 1987
--- ndbm.c Fri Mar 27 17:12:12 1987
***************
*** 1,5 ****
--- 1,10 ----
/*
* $Log: ndbm.c,v $
+ * Revision 1.2 87/03/27 17:08:45 gww
+ * Cast sizeof to int. This comparison will fail when i1 is < 0 because the
+ * type of sizeof (according to C standard C.3.3.4) is unsigned thus causing
+ * the comparison to fail because it is promoted to unsigned.
+ *
* Revision 1.1 87/01/15 15:35:33 gww
* Initial revision
*
***************
*** 11,17 ****
*/
#if defined(LIBC_SCCS) && !defined(lint)
! static char *ERcsId = "$Header: ndbm.c,v 1.1 87/01/15 15:35:33 gww Exp $ ENIX BSD";
static char sccsid[] = "@(#)ndbm.c 5.3 (Berkeley) 3/9/86";
#endif LIBC_SCCS and not lint
--- 16,22 ----
*/
#if defined(LIBC_SCCS) && !defined(lint)
! static char *ERcsId = "$Header: ndbm.c,v 1.2 87/03/27 17:08:45 gww Exp $ ENIX BSD";
static char sccsid[] = "@(#)ndbm.c 5.3 (Berkeley) 3/9/86";
#endif LIBC_SCCS and not lint
***************
*** 503,509 ****
if (i2 > 0)
i1 = sp[i2];
i1 -= item.dsize + item1.dsize;
! if (i1 <= (i2+3) * sizeof(short))
return (0);
sp[0] += 2;
sp[++i2] = i1 + item1.dsize;
--- 508,514 ----
if (i2 > 0)
i1 = sp[i2];
i1 -= item.dsize + item1.dsize;
! if (i1 <= (i2+3) * (int)sizeof(short))
return (0);
sp[0] += 2;
sp[++i2] = i1 + item1.dsize;