vogel@forty2.UUCP (Stefan Vogel) (12/12/87)
We found the following bug in sushperm.c of the sush distribution:
In routine addgroup the pointer gpmem was incremented before it was used.
So, the first member of the group was never found, and the reference to
the last member lead to an illegal memory reference (NULL pointer!).
original code:
gpmem = gpt->gr_mem;
while(*gpmem++) { <------------------gpmem is incremented
if(!strcmp(user,*gpmem)) <---gpmem is used
ok++;
}
/* auth failed - return */
corrected code:
gpmem = gpt->gr_mem;
while(*gpmem) {
if(!strcmp(user,*gpmem++))
ok++;
}
/* auth failed - return */
Stefan Vogel, Simon Poole
Inst. for Theoretical Physics
University of Zuerich
Switzerland
UUCP: ....mcvac!cernvax!forty2!vogel
BITNET: k524911@czhrzu1a