From dannyman@sasquatch.dannyland.org  Wed Jan  6 11:42:34 1999
Received: from sasquatch.dannyland.org (sasquatch.dannyland.org [207.229.158.70])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA26767
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 6 Jan 1999 11:42:34 -0800 (PST)
          (envelope-from dannyman@sasquatch.dannyland.org)
Received: (qmail 3703 invoked by uid 1000); 6 Jan 1999 19:42:28 -0000
Message-Id: <19990106194228.3702.qmail@sasquatch.dannyland.org>
Date: 6 Jan 1999 19:42:28 -0000
From: dannyman@sasquatch.dannyland.org
Reply-To: dannyman@sasquatch.dannyland.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: dannyman@sasquatch.dannyland.org
Subject: 2.2.8-RELEASE/ERRATA.TXT should include getpwent.c semantics
X-Send-Pr-Version: 3.2

>Number:         9351
>Category:       docs
>Synopsis:       2.2.8-RELEASE/ERRATA.TXT should include getpwent.c semantics
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan  6 11:50:01 PST 1999
>Closed-Date:    Wed Jan 6 19:59:06 PST 1999
>Last-Modified:  Wed Jan  6 19:59:13 PST 1999
>Originator:     Dan Howard
>Release:        FreeBSD 2.2.8-RELEASE i386
>Organization:
EnterAct, LLC
>Environment:

2.2.8-RELEASE

>Description:

There was a buffer overflow patch made to src/lib/libc/gen/getpwent.c
immediately prior release of 2.2.8.  A side-effect of this patch was to modify
the semantics of getpwnam() such that a string that was longer than the
maximum allowed for a username would still match if the first part of the
string properly matched a user name.  This behaviour was corrected by eivind
at 1.35.2.3 of the CVS repository.

As this change to getpwnam() across releases adversely impacted the behaviour
of mail aliases on our system, and was somewhat tricky to diagnose, it would
seem helpful to include it in the 2.2.8-RELEASE errata.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:

From: dannyman <dannyman@dannyland.org>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  
Subject: Re: docs/9351: 2.2.8-RELEASE/ERRATA.TXT should include getpwent.c semantics
Date: Wed, 6 Jan 1999 16:14:18 -0600

 I reckon I should "submit" a "fix" ... HTH
 
 On Wed, Jan 06, 1999 at 07:42:28PM -0000, dannyman@sasquatch.dannyland.org wrote:
 >Fix:
 
 Append the following, or something like it, to the errata file:
 
 o getpwnam(3) semantics are incorrect in some cases.
 
 Fix: If passed a string longer than the maximum allowed for a user name,
      getpwnam will incorrectly return an entry for a user that matches the
      initial characters in the string up to the maximum length allowed for a
      user name.  To correct this behaviour, libc needs to be patched and
      recompiled.  The appropriate patch can be obtained at
      http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/gen/getpwent.c.diff?r1=1.35.2.2&r2=1.35.2.3
 
 -- 
    ___    http://www.dannyland.org/~dannyman/          dannyman yori aiokomete 
   /___\   University of Illinois: Our Honored Symbol Merits Honored Retirement 
 (o\ | /o)   //  Beetles and Amigas - I'm a sucker for outdated, unsupported
  U"""""U  \\/  hardware which has retained it's unique personality and grace.
State-Changed-From-To: open->closed 
State-Changed-By: jkh 
State-Changed-When: Wed Jan 6 19:59:06 PST 1999 
State-Changed-Why:  
Done, thanks! 
>Unformatted:
