git: 3a686b851f8f - main - dbm_nextkey: Always return an error if we've reached the end of the database

From: Bojan Novković <bnovkov_at_FreeBSD.org>
Date: Thu, 31 Jul 2025 15:28:36 UTC
The branch main has been updated by bnovkov:

URL: https://cgit.FreeBSD.org/src/commit/?id=3a686b851f8fda625010859d210c8a5615ea93fc

commit 3a686b851f8fda625010859d210c8a5615ea93fc
Author:     Bojan Novković <bnovkov@FreeBSD.org>
AuthorDate: 2025-07-30 14:39:54 +0000
Commit:     Bojan Novković <bnovkov@FreeBSD.org>
CommitDate: 2025-07-31 15:27:24 +0000

    dbm_nextkey: Always return an error if we've reached the end of the database
    
    POSIX.1 states that `dbm_nextkey` must return an invalid key
    (i.e., `key.dptr == NULL`) after the end of the database was reached.
    The current implementation of `hash_seq` will incorrectly restart
    the key sequence after the end of the database is reached.
    
    Fix this by checking the "current bucket" index when R_NEXT is passed.
    
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D51635
    Reviewed by:    markj
---
 lib/libc/db/hash/hash.c              |  6 ++--
 lib/libc/tests/db/Makefile           |  1 +
 lib/libc/tests/db/dbm_nextkey_test.c | 53 ++++++++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/lib/libc/db/hash/hash.c b/lib/libc/db/hash/hash.c
index 1eb01ee0f0c5..b1655fe63d55 100644
--- a/lib/libc/db/hash/hash.c
+++ b/lib/libc/db/hash/hash.c
@@ -704,17 +704,19 @@ hash_seq(const DB *dbp, DBT *key, DBT *data, u_int32_t flag)
 	u_int16_t *bp, ndx;
 
 	hashp = (HTAB *)dbp->internal;
-	if (flag && flag != R_FIRST && flag != R_NEXT) {
+	if (flag != R_FIRST || flag != R_NEXT) {
 		hashp->error = errno = EINVAL;
 		return (ERROR);
 	}
 #ifdef HASH_STATISTICS
 	hash_accesses++;
 #endif
-	if ((hashp->cbucket < 0) || (flag == R_FIRST)) {
+	if (flag == R_FIRST) {
 		hashp->cbucket = 0;
 		hashp->cndx = 1;
 		hashp->cpage = NULL;
+	} else if (hashp->cbucket < 0) { /* R_NEXT */
+		return (ABNORMAL);
 	}
 next_bucket:
 	for (bp = NULL; !bp || !bp[0]; ) {
diff --git a/lib/libc/tests/db/Makefile b/lib/libc/tests/db/Makefile
index cc181cc81160..771569183584 100644
--- a/lib/libc/tests/db/Makefile
+++ b/lib/libc/tests/db/Makefile
@@ -9,6 +9,7 @@ ${PACKAGE}FILES+=		README
 
 ATF_TESTS_C+=		dbm_open_test
 ATF_TESTS_C+=		dbm_perm_test
+ATF_TESTS_C+=		dbm_nextkey_test
 
 NETBSD_ATF_TESTS_C+=	db_hash_seq_test
 NETBSD_ATF_TESTS_SH+=	db_test
diff --git a/lib/libc/tests/db/dbm_nextkey_test.c b/lib/libc/tests/db/dbm_nextkey_test.c
new file mode 100644
index 000000000000..67b745efb196
--- /dev/null
+++ b/lib/libc/tests/db/dbm_nextkey_test.c
@@ -0,0 +1,53 @@
+/*-
+ * Copyright (c) 2025 Klara, Inc.
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <fcntl.h>
+#include <ndbm.h>
+#include <stdio.h>
+
+#include <atf-c.h>
+
+static const char *path = "tmp";
+static const char *dbname = "tmp.db";
+
+ATF_TC(dbm_nextkey_test);
+ATF_TC_HEAD(dbm_nextkey_test, tc)
+{
+	atf_tc_set_md_var(tc, "descr",
+	    "Check that dbm_nextkey always returns NULL after reaching the end of the database");
+}
+
+ATF_TC_BODY(dbm_nextkey_test, tc)
+{
+	DBM *db;
+	datum key, data;
+
+	data.dptr = "bar";
+	data.dsize = strlen("bar");
+	key.dptr = "foo";
+	key.dsize = strlen("foo");
+
+	db = dbm_open(path, O_RDWR | O_CREAT, 0755);
+	ATF_CHECK(db != NULL);
+	ATF_REQUIRE(atf_utils_file_exists(dbname));
+	ATF_REQUIRE(dbm_store(db, key, data, DBM_INSERT) != -1);
+
+	key = dbm_firstkey(db);
+	ATF_REQUIRE(key.dptr != NULL);
+	key = dbm_nextkey(db);
+	ATF_REQUIRE(key.dptr == NULL);
+	key = dbm_nextkey(db);
+	ATF_REQUIRE(key.dptr == NULL);
+
+	dbm_close(db);
+}
+
+ATF_TP_ADD_TCS(tp)
+{
+	ATF_TP_ADD_TC(tp, dbm_nextkey_test);
+
+	return (atf_no_error());
+}