tnozaki / NetBSD / issues / #98 - mdocml: manpath.c off-by-one by making wrong usage of fgetln(3) — Bitbucket

Issue #98 resolved

Takehiko NOZAKI repo owner created an issue 2015-01-31

see following code:

       while (NULL != (p = fgetln(stream, &len))) {
               if (0 == len || '\n' != p[--len])
                       break;
               p[len] = '\0';

if p[len - 1] is not '\n', p[len] = '\0' causes off-by-one buffer overrun, read carefully fgetln(3) manual's CAVEANTS section.

Comments (4)

Takehiko NOZAKI reporter
and more:
```
               if (strncmp(MAN_CONF_KEY, p, keysz))
```
if p's length(=len) is short than keysz, this compare make overrun too.
- 2015-01-31T14:41:06+00:00
Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#98~~ - mdocml: manpath.c off-by-one by making wrong usage of fgetln(3).

→ <<cset d4e3729640f6>>
- 2015-01-31T14:43:41+00:00
Takehiko NOZAKI reporter
oops,
```
if p's length(=len) is short than keysz, this compare make overrun too.
```
is not correct, strncmp(3) stop with '\0' unlike memcmp(3). so never overrun ;)
- 2015-01-31T20:38:27+00:00
Takehiko NOZAKI reporter
- changed status to resolved
- 2015-01-31T20:42:13+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1