*BSD News Article 28169


Return to BSD News archive

Xref: sserve comp.os.386bsd.bugs:2137 comp.bugs.4bsd:2010
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!pipex!uknet!EU.net!sun4nl!fwi.uva.nl!casper
From: casper@fwi.uva.nl (Casper H.S. Dik)
Newsgroups: comp.os.386bsd.bugs,comp.bugs.4bsd
Subject: Re: Bug in _validuser() in rcmd.c
Date: 7 Mar 1994 17:50:33 GMT
Organization: FWI, University of Amsterdam
Lines: 27
Distribution: world
Message-ID: <2lfph9$rg7@mail.fwi.uva.nl>
References: <NILS.94Mar6230935@guru.stgt.sub.org>
NNTP-Posting-Host: adam.fwi.uva.nl

nils@guru.stgt.sub.org (Cornelis van der Laan) writes:


>I read the code of the _validuser() function in Stevens book 
>and detected an error in it (the following code is taken from
>the FreeBSD 1.0  distribution and seems not to be corrected):

>In the routine a buffer of len MAXHOSTNAMELEN is used to read
>in lines from /etc/hosts.equiv, /etc/hosts.lpd and .../.rhosts. 

>As we know, the .rhost file contains pairs of host and user
>names, of which the hostname can completely fill the buffer 
>so that the username must be ignored.

>Will someone please correct the buffersize to be at least
>MAXHOSTNAMELEN+8+1 ?

>Thanks, Nils

It's not that important.  And even then, MAXHOSTNAMELEN+8+1 may not be enough.
You're allowed to put as many spaces between the hostname and the
user name as you please.

The code should check whether it reads to few bytes (i.e., no trailing \n)
and throw away the buffer in that case and the rest of the input line.

Casper