Path: utzoo!attcan!uunet!mcsun!hp4nl!botter!wundt!valke
From: valke@wundt.psy.vu.nl (Peter Valkenburg)
Newsgroups: comp.os.minix
Subject: Fix for strncpy(3)
Keywords: bugs, strncpy
Message-ID: <810@wundt.psy.vu.nl>
Date: 13 Jan 90 02:57:59 GMT
Reply-To: valke@psy.vu.nl (Peter Valkenburg)
Organization: VU Psychologie, Amsterdam
Lines: 43

Hello,

strncmp() in the MINIX ansi library (not the assembly package) contains a very annoying bug. Occasionally it copies a nul character too many.

I found this out trying to fix what I thought was a bug in who(1). It turned out login on 1.5.0 overwrote a stack variable because of the buggy strncpy, and messed up the wtmp file in the process. A gross bug in such an important routine - it's enough to drive you paranoid...

Anyway, here's the cdiff to /usr/src/lib/ansi/strncpy.c. You have to at least recompile login. I haven't bothered to find out about other stuff that depends on this. You won't have this problem if you used the assembly string stuff posted recently.

Bye,

Peter Valkenburg (valke@psy.vu.nl).

--------------cut here--------------cut here--------------cut here------------
*** strcpy.old Sat Jan 13 03:02:19 1990 --- strncpy.c Sat Jan 13 03:07:12 1990 *************** *** 15,21 **** dscan = dst; sscan = src; count = n; ! while (count > 0 && (*dscan++ = *sscan++) != '\0') count--; while (count > 0) { *dscan++ = '\0'; count--; } --- 15,25 ---- dscan = dst; sscan = src; count = n; ! while (count > 0) { ! count--; ! if ((*dscan++ = *sscan++) == '\0') ! break; ! } while (count > 0) { *dscan++ = '\0'; count--; }
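
Review bot: the rewritten first loop depends on `count--` running before the copy, and nothing in the hunk says so. A one-line comment above `while (count > 0) {` stating that the terminating nul is charged against n, so that the padding loop brings the total to exactly n bytes, would keep a later cleanup from folding the decrement back into the loop condition as on the removed line. Separately, the old-file header reads `strcpy.old` while the new file is `strncpy.c`; naming it `strncpy.old` would avoid confusion about which file the patch targets.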
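
The one-byte overrun described in the post, as an added example that is not part of the original post or the MINIX sources: the two loops from the diff are wrapped in hypothetical functions `strncpy_old` and `strncpy_fixed`, and a hypothetical helper `bytes_written` measures how far each one writes into a canary-filled buffer. The 64-byte buffer, the canary value and the sample strings are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define CANARY 0x5A /* constructed fill byte ('Z'); sample sources avoid it */
typedef char *(*copy_fn)(char *, const char *, size_t);

/* First loop as on the old side of the diff: the nul is copied uncounted. */
static char *strncpy_old(char *dst, const char *src, size_t n)
{
    char *dscan = dst;
    size_t count = n;
    while (count > 0 && (*dscan++ = *src++) != '\0')
        count--;
    while (count > 0) { *dscan++ = '\0'; count--; }
    return dst;
}

/* First loop as on the new side: count drops before every byte copied. */
static char *strncpy_fixed(char *dst, const char *src, size_t n)
{
    char *dscan = dst;
    size_t count = n;
    while (count > 0) {
        count--;
        if ((*dscan++ = *src++) == '\0')
            break;
    }
    while (count > 0) { *dscan++ = '\0'; count--; }
    return dst;
}

/* Hypothetical helper: leading bytes of a canary-filled buffer that fn modified. */
static size_t bytes_written(copy_fn fn, const char *src, size_t n)
{
    char buf[64];
    size_t i;
    if (n >= sizeof buf) return (size_t)-1; /* keep room for the overrun */
    memset(buf, CANARY, sizeof buf);
    fn(buf, src, n);
    for (i = sizeof buf; i > 0 && buf[i - 1] == CANARY; i--)
        ;
    return i;
}

int main(void)
{
    printf("old:   %zu bytes for n=8\n", bytes_written(strncpy_old, "ab", 8));
    printf("fixed: %zu bytes for n=8\n", bytes_written(strncpy_fixed, "ab", 8));
    return 0;
}
```

The old loop stays within n only when the source is at least n characters long, which is why the overrun shows up only for shorter strings.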