valke@wundt.psy.vu.nl (Peter Valkenburg) (01/13/90)
Hello,
strncmp() in the MINIX ansi library (not the assembly package) contains
a very annoying bug. Occasionally it copies a nul character too many. I
found this out trying to fix what I thought was a bug in who(1). It
turned out login on 1.5.0 overwrote a stack variable because of the buggy
strncpy, and messed up the wtmp file in the process.
A gross bug in such an important routine - it's enough to drive you paranoid...
Anyway, here's the cdiff to /usr/src/lib/ansi/strncpy.c. You have to at least
recompile login. I haven't bothered to find out about other stuff that
depends on this. You won't have this problem if you used the assembly string
stuff posted recently.
Bye,
Peter Valkenburg (valke@psy.vu.nl).
--------------cut here--------------cut here--------------cut here------------
*** strcpy.old Sat Jan 13 03:02:19 1990
--- strncpy.c Sat Jan 13 03:07:12 1990
***************
*** 15,21 ****
dscan = dst;
sscan = src;
count = n;
! while (count > 0 && (*dscan++ = *sscan++) != '\0') count--;
while (count > 0) {
*dscan++ = '\0'; count--;
}
--- 15,25 ----
dscan = dst;
sscan = src;
count = n;
! while (count > 0) {
! count--;
! if ((*dscan++ = *sscan++) == '\0')
! break;
! }
while (count > 0) {
*dscan++ = '\0'; count--;
}
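Review bot: The rewritten first loop in the new side of the hunk carries no comment saying that the copied '\0' has to count against n, which is the rule the old one-liner broke: there `count--` was skipped on the pass that stored the terminator, so the padding loop that follows wrote one byte past the n-byte destination. Suggest a one-line comment above `count--;` stating this, plus a check that with a src shorter than n the byte at dst[n] is left untouched, since login (and, per the post, possibly other programs) must be recompiled against the fix. Separately, the old-file header names `strcpy.old` while the new file is `strncpy.c`; worth making the two names consistent so the patch is applied to the right file.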
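An added example, not part of the original post: the two loops from the diff, wrapped in functions named here `strncpy_old` and `strncpy_new`, and run against an n-byte field followed by guard bytes to show for which inputs the old loop writes dst[n]. The harness `clobbers_guard`, the guard value and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
typedef char *(*copy_fn)(char *, const char *, size_t);

/* Loop from the "old" side of the diff: the pass that copies '\0'
   leaves the loop without decrementing count. */
static char *strncpy_old(char *dst, const char *src, size_t n)
{
    char *dscan = dst;
    const char *sscan = src;
    size_t count = n;
    while (count > 0 && (*dscan++ = *sscan++) != '\0') count--;
    while (count > 0) { *dscan++ = '\0'; count--; }
    return dst;
}

/* Loop from the "new" side: every byte stored, '\0' included, costs one. */
static char *strncpy_new(char *dst, const char *src, size_t n)
{
    char *dscan = dst;
    const char *sscan = src;
    size_t count = n;
    while (count > 0) {
        count--;
        if ((*dscan++ = *sscan++) == '\0') break;
    }
    while (count > 0) { *dscan++ = '\0'; count--; }
    return dst;
}

/* Constructed harness: an n-byte field followed by guard bytes.
   Returns 1 if fn wrote buf[n], 0 if not, -1 if n is too large. */
static int clobbers_guard(copy_fn fn, const char *src, size_t n)
{
    unsigned char buf[64];
    if (n >= sizeof buf) return -1;
    memset(buf, 0x5A, sizeof buf);   /* 0x5A marks bytes never written */
    fn((char *)buf, src, n);
    return buf[n] != 0x5A;
}

int main(void)
{
    const char *names[] = { "", "root", "1234567", "12345678", "administrator" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-15s old=%d new=%d\n", names[i], clobbers_guard(strncpy_old, names[i], 8),
               clobbers_guard(strncpy_new, names[i], 8));
    return 0;
}
```

The old loop overruns only when the source is shorter than n, which is why the corruption shows up occasionally rather than on every call.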