Path: utzoo!mnetor!uunet!mcvax!cernvax!ethz!forty2!vogel
From: vogel@forty2.UUCP (Stefan Vogel)
Newsgroups: comp.sources.bugs
Subject: bug in sush
Message-ID: <123@forty2.UUCP>
Date: 11 Dec 87 17:02:58 GMT
Reply-To: vogel@forty2.UUCP (Stefan Vogel)
Organization: Exp. Physics University Zuerich
Lines: 33

We found the following bug in sushperm.c of the sush distribution:

In routine addgroup the pointer gpmem was incremented before it was used.
So, the first member of the group was never found, and the reference to
the last member lead to an illegal memory reference (NULL pointer!).

original code:

	 gpmem = gpt->gr_mem;
	 while(*gpmem++) {  <------------------gpmem is incremented
		 if(!strcmp(user,*gpmem))  <---gpmem is used
			 ok++;
	 }

	 /* auth failed - return */

corrected code:

	 gpmem = gpt->gr_mem;
	 while(*gpmem) {
		 if(!strcmp(user,*gpmem++))
			 ok++;
	 }

	 /* auth failed - return */

                              Stefan Vogel, Simon Poole
                              Inst. for Theoretical Physics
                              University of Zuerich
                              Switzerland

                              UUCP:   ....mcvac!cernvax!forty2!vogel
                              BITNET: k524911@czhrzu1a