[PATCH] BROKEN_STRNDUP and BROKEN_STRNLEN and AIX

Andrew Bartlett abartlet at samba.org
Wed May 22 02:11:00 MDT 2013


On Wed, 2013-05-22 at 11:05 +0300, Alexander Bokovoy wrote:
> Hi,
> 
> 
> On Wed, May 22, 2013 at 10:39 AM, Andrew Bartlett <abartlet at samba.org>
> wrote:
>         Simo and Christian,
>         
>         I'm wondering if either of you know more about the allegation that
>         strndup and strnlen are broken on AIX?
>         
>         This is one of the very few outstanding config.h differences I'm tracking in
>         https://bugzilla.samba.org/show_bug.cgi?id=8969
>         
>         It appears to be forced on for all AIX hosts:
>         
>         commit 804cfb20a067b4b687089dc72a8271b3abf20f31
>         Author: Simo Sorce <idra at samba.org>
>         Date:   Wed Aug 25 14:24:16 2004 +0000
>         
>             r2070: Let's try to overload strnlen and strndup for AIX
>         where they are natively broken.
>             (This used to be commit
>         98feb3318f54bb48ce56fc8f4721fec4967b9dd9)
>         
>         diff --git a/source3/configure.in b/source3/configure.in
>         index d35e89c..4329665 100644
>         --- a/source3/configure.in
>         +++ b/source3/configure.in
>         @@ -1206,6 +1206,8 @@ if test "$enable_shared" = "yes"; then
>                                 fi
>         
>         
>         AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE,[The size of a block])
>         +                       AC_DEFINE(BROKEN_STRNLEN,1,[Does
>         strnlen work correctly])
>         +                       AC_DEFINE(BROKEN_STRNDUP,1,[Does
>         strndup work correctly])
>                                 ;;
>                         *hpux*) AC_DEFINE(HPUX,1,[Whether the host os
>         is HPUX])
>                                 SHLIBEXT="sl"
>         
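Review bot: The description strings on the two added AC_DEFINE lines, "Does strnlen work correctly" and "Does strndup work correctly", read in the opposite sense to macros named BROKEN_STRNLEN and BROKEN_STRNDUP that are defined to 1; wording such as "Whether strnlen is broken" would match what ends up in config.h. The defines are also unconditional within the case branch that precedes *hpux*, with no version or behaviour check and no comment saying why, so a short comment pointing at the bug report would help whoever later wants to narrow the condition.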
>         Before I simply do the same in waf (probably in libreplace), do either
>         of you know more of the background here, such as does this apply to all
>         AIX versions, or is it possible to test for it less bluntly?
> This discussion (which refers to our bug #1097) clarifies the issue:
> http://stackoverflow.com/questions/2091460/strndup-call-is-currupting-stack-frames
>  
> 
> strndup() is broken at least on AIX 6.1:
> ".. Tracing through the instructions in strndup, it appears that it
> mallocs a buffer that is just large enough to handle the string in s
> plus a NULL terminator. However, it will always copy n characters to
> the new buffer, padding with zeros if necessary, causing a buffer
> overflow if strlen(s) < n."

The revised attached patch tries to put some of this background into the
code. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-lib-replace-Set-BROKEN_STRNLEN-and-BROKEN_STRNDUP-on.patch
Type: text/x-patch
Size: 1634 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130522/335de210/attachment.bin>
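
The overflow quoted above comes from sizing the allocation by strlen(s) while copying n bytes. The following replacement pair is an added example, not code from this thread or from Samba; the names safe_strnlen and safe_strndup are hypothetical. Both the allocation and the copy use the same bounded length.

```c
/* Added illustration: hypothetical replacements, not Samba's own code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of s, never examining more than maxlen bytes. */
size_t safe_strnlen(const char *s, size_t maxlen)
{
    const char *end = memchr(s, '\0', maxlen);
    return end ? (size_t)(end - s) : maxlen;
}

/*
 * Duplicate at most n bytes of s. The allocation size and the copy
 * length both come from the same bounded value, so the copy cannot
 * run past the buffer when strlen(s) < n (the case described for
 * the AIX 6.1 strndup in the quoted analysis).
 */
char *safe_strndup(const char *s, size_t n)
{
    size_t len = safe_strnlen(s, n);
    char *copy;

    if (len == SIZE_MAX)            /* len + 1 would wrap to 0 */
        return NULL;
    copy = malloc(len + 1);         /* len <= n, plus the terminator */
    if (copy == NULL)
        return NULL;
    memcpy(copy, s, len);           /* exactly len bytes, no padding out to n */
    copy[len] = '\0';
    return copy;
}

int main(void)
{
    /* Constructed inputs: short string with a large n, and a buffer
     * that has no terminator within the first n bytes. */
    const char raw[4] = { 'w', 'x', 'y', 'z' };
    char *a = safe_strndup("abc", 64);
    char *b = safe_strndup(raw, sizeof(raw));

    if (a == NULL || b == NULL)
        return 1;
    printf("%s (%zu bytes), %s (%zu bytes)\n", a, strlen(a), b, strlen(b));
    free(a);
    free(b);
    return 0;
}
```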

