From nobody  Fri Dec 19 12:06:01 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA13840;
          Fri, 19 Dec 1997 12:06:01 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199712192006.MAA13840@hub.freebsd.org>
Date: Fri, 19 Dec 1997 12:06:01 -0800 (PST)
From: croehrig@house.org
To: freebsd-gnats-submit@freebsd.org
Subject: NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
X-Send-Pr-Version: www-1.0

>Number:         5345
>Category:       bin
>Synopsis:       NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    steve
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 19 12:10:01 PST 1997
>Closed-Date:    Sun Mar 1 10:54:49 PST 1998
>Last-Modified:  Sun Mar  1 10:56:39 PST 1998
>Originator:     Chris Roehrig
>Release:        2.2.5-RELEASE
>Organization:
University of British Columbia
>Environment:
FreeBSD javanica.house.org 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Wed Dec 17 08:13:26 PST 1997     croehrig@javanica.house.org:/Mounts/Local2/FreeBSD/2.2-STABLE/src/sys/compile/JAVANICA  i386
>Description:

innetgr seems to be broken in 2.2.5-RELEASE.

I just upgraded from 2.2.1-RELEASE where netgroups worked fine, and now lookups  
don't work properly.   When a host belongs to more than one netgroup, innetgr  
seems to ignore the one listed last.


>How-To-Repeat:
Set up a netgroup map using a netgroup file like:
allhosts (good,,) (bad,,)
zallhosts (good,,) (bad,,)
badhosts (bad,,)

% ypcat -k netgroup.byhost
good.* allhosts,zallhosts
bad.* allhosts,badhosts,zallhosts

The output of the following program:
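#include <stdio.h>
#include <netdb.h>	/* declares innetgr() */
int main( int argc, char *argv[] )
{    if (argc < 3) return 1;	/* usage: prog netgroup host */
    printf("innetgr(%s,%s,NULL,NULL)   ->  %d\n", 
        argv[1], argv[2],innetgr(argv[1], argv[2], NULL, NULL ) );
    return 0; }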

Gives:
innetgr(allhosts,good,NULL,NULL)   ->  1
innetgr(allhosts,bad,NULL,NULL)   ->  1
innetgr(badhosts,good,NULL,NULL)   ->  0
innetgr(badhosts,bad,NULL,NULL)   ->  1
innetgr(zallhosts,good,NULL,NULL)   ->  0
innetgr(zallhosts,bad,NULL,NULL)   ->  0

The last two tests are incorrect.

>Fix:

>Release-Note:
>Audit-Trail:

From: NAGAO -abtk- Tadaaki <nagao@cs.titech.ac.jp>
To: freebsd-gnats-submit@freebsd.org, croehrig@house.org
Cc:
Subject: Re: bin/5345: NIS netgroup lookups (innetgr) don't work properly under 2.2.5-RELEASE
Date: Sun, 01 Mar 1998 09:06:06 +0900 (JST)

 Hello,
 
 I have recently realized the same problem as in PR 5345, and found
 that in /usr/src/lib/libc/gen/getnetgrent.c:_listmatch(), `ptr' went
 beyond a terminating NUL because of the following while-loop:
 
 			while(*ptr != ','  && !isspace(*ptr))
 				ptr++;
 
 The patch attached at the end of this message will fix this problem.
 
 Now, let me explain the cause of the problem in some more detail...
 
 When searching for `zallhosts' within a list `allhosts,zallhosts'
 for example, two pointers `ptr' and `cptr' in _listmatch() eventually
 point to:
 
     a l l h o s t s , z a l l h o s t s NUL ...
                       ^cptr                    ^ptr(beyond the NUL!)
 
 thus a comparison between `glen' (== strlen("zallhosts")) and
 `ptr - cptr':
 
 			if (strncmp(cptr, group, glen) == 0 &&
 					glen == (ptr - cptr))
 				return(1);
 
 unfortunately fails though strncmp() == 0, and _listmatch() returns
 "no match".
 
 Since PR 5610, in fact, was caused by the same bug as above, the
 changes made to close PR 5610 can be backed out when this bug is fixed.
 (actually, I did so when I made the patch below.)
 
 Cheers,
 -- Tada
 NAGAO Tadaaki (nagao@cs.titech.ac.jp)
 Dept. of Computer Science, Tokyo Institute of Technology, Japan.
 
 --- getnetgrent.c.orig	Sun Mar  1 04:27:23 1998
 +++ getnetgrent.c	Sun Mar  1 04:28:09 1998
 @@ -286,21 +286,15 @@
  	while(isspace(*ptr))
  		ptr++;
  
 -	if (strchr(list, ',') == NULL) {
 -		if (strncmp(ptr, group, glen) == 0) {
 +	while (ptr < list + len) {
 +		cptr = ptr;
 +		while(*ptr != ','  && *ptr != '\0' && !isspace(*ptr))
 +			ptr++;
 +		if (strncmp(cptr, group, glen) == 0 &&
 +				glen == (ptr - cptr))
  			return(1);
 -		}
 -	} else {
 -		while (ptr < list + len) {
 -			cptr = ptr;
 -			while(*ptr != ','  && !isspace(*ptr))
 -				ptr++;
 -			if (strncmp(cptr, group, glen) == 0 &&
 -					glen == (ptr - cptr))
 -				return(1);
 -			while(*ptr == ','  || isspace(*ptr))
 -				ptr++;
 -		}
 +		while(*ptr == ','  || isspace(*ptr))
 +			ptr++;
  	}
  
  	return(0);
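Review bot: in the new `while (ptr < list + len)` loop, termination now depends on `len` never reaching past the terminating NUL. If a NUL sits before `list + len`, the token scan stops on it, the separator skip `while(*ptr == ','  || isspace(*ptr))` does not step over it, and the outer loop repeats with `ptr` unchanged. Suggest ending the outer loop on the NUL as well, for example `while (ptr < list + len && *ptr != '\0')`. Separately, every `isspace(*ptr)` in the hunk passes a plain `char`; casting to `unsigned char` avoids undefined behaviour for bytes with the high bit set.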
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Sun Mar 1 10:54:49 PST 1998 
State-Changed-Why:  
Committed NAGAO Tadaaki's fix.  Thanks! 


Responsible-Changed-From-To: freebsd-bugs->steve 
Responsible-Changed-By: steve 
Responsible-Changed-When: Sun Mar 1 10:54:49 PST 1998 
Responsible-Changed-Why:  
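
The token scan explained in the audit trail above, as an added example that is not part of the PR or of the libc source. The function name `listmatch`, the `check_nul` switch, the array `buf` and the filler bytes placed after the NUL are all constructed here so that the old scan's overrun stays inside one array and the result is deterministic.

```c
/* Added example: models the scan described in the PR; not the libc code. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed input: the map value "allhosts,zallhosts", its NUL, then
 * constructed filler ending in ',' so the old scan stops inside this array. */
static const char buf[] = "allhosts,zallhosts\0junk,";
#define LIST_LEN 18	/* strlen("allhosts,zallhosts") */

/* check_nul == 0: old scan, a token ends only at ',' or whitespace.
 * check_nul != 0: scan with the added *ptr != '\0' test from the patch. */
static int listmatch(const char *list, const char *group, size_t len,
    int check_nul)
{
	const char *ptr = list, *cptr;
	size_t glen = strlen(group);

	while (isspace((unsigned char)*ptr))
		ptr++;
	while (ptr < list + len) {
		cptr = ptr;
		/* Old scan walks over the NUL into whatever bytes follow. */
		while (*ptr != ',' && !(check_nul && *ptr == '\0') &&
		    !isspace((unsigned char)*ptr))
			ptr++;
		/* Prefix matches, but the token length is wrong after an overrun. */
		if (strncmp(cptr, group, glen) == 0 &&
		    glen == (size_t)(ptr - cptr))
			return 1;
		while (*ptr == ',' || isspace((unsigned char)*ptr))
			ptr++;
	}
	return 0;
}

int main(void)
{
	const char *groups[] = { "allhosts", "zallhosts" };

	for (int i = 0; i < 2; i++)
		printf("%-9s  old scan -> %d   with NUL check -> %d\n", groups[i],
		    listmatch(buf, groups[i], LIST_LEN, 0),
		    listmatch(buf, groups[i], LIST_LEN, 1));
	return 0;
}
```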

>Unformatted:
