From owner-freebsd-bugs Wed Aug 27 03:59:59 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id DAA25906 for bugs-outgoing; Wed, 27 Aug 1997 03:59:59 -0700 (PDT)
Received: from oskar.nanoteq.co.za (oskar.nanoteq.co.za [163.195.220.170]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA25889 for ; Wed, 27 Aug 1997 03:59:39 -0700 (PDT)
Received: (from rbezuide@localhost) by oskar.nanoteq.co.za (8.8.7/8.8.5) id MAA13508 for freebsd-bugs@freebsd.org; Wed, 27 Aug 1997 12:58:25 +0200 (SAT)
From: Reinier Bezuidenhout
Message-Id: <199708271058.MAA13508@oskar.nanoteq.co.za>
Subject: Bug fix for 2.2-STABLE perl 4.0
To: freebsd-bugs@freebsd.org
Date: Wed, 27 Aug 1997 12:58:25 +0200 (SAT)
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi ...

I'm running the plexus perl web server, after I upgraded to 2.2-STABLE the server would no longer start with an "Identifier too long" error log ... I had a look at the source code and saw the changes made on the 8/8/97 to fix a buffer overflow problem as stated by a CERT advisory. The fix was to add the length as a fourth parameter to the function call scanident. After grepping through the code I saw that not all calls to "scanident" were updated to have the fourth parameter and would thus result in a bogus value ... I changed all the calls I could find and recompiled perl.

It seems to work fine now. Joerg, could you have a look at this?

Thanx
Reinier

The patch for toke.c
-------------------------------------------
*** toke.c.old Wed Aug 27 12:43:23 1997 --- toke.c Wed Aug 27 12:57:01 1997 *************** *** 1770,1786 **** arg->arg_type = O_ITEM; arg[1].arg_type = A_DOUBLE; arg[1].arg_ptr.arg_str = str_smake(str); ! 
d = scanident(d,bufend,buf); (void)stabent(buf,TRUE); /* make sure it's created */ for (; d < e; d++) { if (*d == '\\') d++; else if (*d == '$' && d[1] && d[1] != '|' && d[1] != ')') { ! d = scanident(d,bufend,buf); (void)stabent(buf,TRUE); } else if (*d == '@') { ! d = scanident(d,bufend,buf); if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") || strEQ(buf,"SIG") || strEQ(buf,"INC")) (void)stabent(buf,TRUE); --- 1770,1786 ---- arg->arg_type = O_ITEM; arg[1].arg_type = A_DOUBLE; arg[1].arg_ptr.arg_str = str_smake(str); ! d = scanident(d,bufend,buf,sizeof buf); (void)stabent(buf,TRUE); /* make sure it's created */ for (; d < e; d++) { if (*d == '\\') d++; else if (*d == '$' && d[1] && d[1] != '|' && d[1] != ')') { ! d = scanident(d,bufend,buf,sizeof buf); (void)stabent(buf,TRUE); } else if (*d == '@') { ! d = scanident(d,bufend,buf,sizeof buf); if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") || strEQ(buf,"SIG") || strEQ(buf,"INC")) (void)stabent(buf,TRUE); *************** *** 1854,1868 **** arg->arg_type = O_ITEM; arg[1].arg_type = A_DOUBLE; arg[1].arg_ptr.arg_str = str_smake(str); ! d = scanident(d,e,buf); (void)stabent(buf,TRUE); /* make sure it's created */ for (; *d; d++) { if (*d == '$' && d[1] && d[-1] != '\\' && d[1] != '|') { ! d = scanident(d,e,buf); (void)stabent(buf,TRUE); } else if (*d == '@' && d[-1] != '\\') { ! d = scanident(d,e,buf); if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") || strEQ(buf,"SIG") || strEQ(buf,"INC")) (void)stabent(buf,TRUE); --- 1854,1868 ---- arg->arg_type = O_ITEM; arg[1].arg_type = A_DOUBLE; arg[1].arg_ptr.arg_str = str_smake(str); ! d = scanident(d,e,buf,sizeof buf); (void)stabent(buf,TRUE); /* make sure it's created */ for (; *d; d++) { if (*d == '$' && d[1] && d[-1] != '\\' && d[1] != '|') { ! d = scanident(d,e,buf,sizeof buf); (void)stabent(buf,TRUE); } else if (*d == '@' && d[-1] != '\\') { ! 
d = scanident(d,e,buf,sizeof buf); if (strEQ(buf,"ARGV") || strEQ(buf,"ENV") || strEQ(buf,"SIG") || strEQ(buf,"INC")) (void)stabent(buf,TRUE); *************** *** 2457,2463 **** (*s == '@' && s+1 < send) ) { if (s[1] == '#' && (isALPHA(s[2]) || s[2] == '_')) *d++ = *s++; ! len = scanident(s,send,tokenbuf) - s; if (*s == '$' || strEQ(tokenbuf,"ARGV") || strEQ(tokenbuf,"ENV") || strEQ(tokenbuf,"SIG") --- 2457,2463 ---- (*s == '@' && s+1 < send) ) { if (s[1] == '#' && (isALPHA(s[2]) || s[2] == '_')) *d++ = *s++; ! len = scanident(s,send,tokenbuf,sizeof tokenbuf) - s; if (*s == '$' || strEQ(tokenbuf,"ARGV") || strEQ(tokenbuf,"ENV") || strEQ(tokenbuf,"SIG") *************** *** 2739,2745 **** case '$': str_ncat(str, t, s - t); t = s; ! s = scanident(s,eol,tokenbuf); str_ncat(str, t, s - t); t = s; if (s < eol && *s && index("$'\"",*s)) --- 2739,2745 ---- case '$': str_ncat(str, t, s - t); t = s; ! s = scanident(s,eol,tokenbuf,sizeof tokenbuf); str_ncat(str, t, s - t); t = s; if (s < eol && *s && index("$'\"",*s))
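
Review bot: "sizeof buf" in the hunks at 1770 and 1854 yields the buffer length only if buf is an array whose size is visible at those call sites, and neither hunk shows its declaration. If buf is a char pointer there, the fourth argument becomes the size of a pointer and ordinary identifiers would still be rejected as too long. Please confirm the declaration, or pass a named size constant shared with the definition of buf. The same check applies to "sizeof tokenbuf" in the later hunks.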
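
Review bot: the three-argument calls on the old side of the hunks at 2457 and 2739 (and the two earlier ones) compiled without complaint, so no prototype for scanident is in scope and nothing stops another stale call from passing an undefined length. This patch touches toke.c only; please check the other source files for remaining three-argument calls, and consider declaring scanident with its full parameter list where the compiler supports it, so a missing length argument fails at build time instead of at run time.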