This is the mail archive of the libc-hacker@sourceware.org mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] off by one error in nis-publickey


On Fri, Oct 28, Ulrich Drepper wrote:

> Thorsten Kukuk wrote:
> > there is a off by one error in nis-publickey:
> 
> While this is correct for the current definition of the array the
> question is why is the array and the strncpy not defined as 2 *
> HEXKEYBYTES + 1.
> 
> The memcmp starts at HEXKEYBYTES and continues for KEYCHECKSUMSIZE.  In
> fact, the array should be HEXKEYBYTES + KEYCHECKSUMSIZE in size (no NUL
> byte needed).  So, why doesn't it do it like this?

Because you ignores the data you get from the entry, the xdecrypt() 
call and the fact, that the NIS definition is very unclear about the
NUL byte and different implementations handle that different.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk@suse.de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]