Return to BSD News archive
Xref: sserve comp.os.386bsd.bugs:2136 comp.bugs.4bsd:2009 Newsgroups: comp.os.386bsd.bugs,comp.bugs.4bsd Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!howland.reston.ans.net!xlink.net!subnet.sub.net!nadia.stgt.sub.org!delos.stgt.sub.org!guru!nils From: nils@guru.stgt.sub.org (Cornelis van der Laan) Subject: Bug in _validuser() in rcmd.c Message-ID: <NILS.94Mar6230935@guru.stgt.sub.org> Lines: 59 Sender: nils@guru.stgt.sub.org (Cornelis van der Laan) Organization: Mehr Anarchie ! Date: Sun, 6 Mar 1994 23:09:35 GMT I read the code of the _validuser() function in Stevens book and detected an error in it (the following code is taken from the FreeBSD 1.0 distribution and seems not to be corrected): In the routine a buffer of len MAXHOSTNAMELEN is used to read in lines from /etc/hosts.equiv, /etc/hosts.lpd and .../.rhosts. As we know, the .rhost file contains pairs of host and user names, of which the hostname can completely fill the buffer so that the username must be ignored. Will someone please correct the buffersize to be at least MAXHOSTNAMELEN+8+1 ? Thanks, Nils ==================================== snip snip ======================= _validuser(hostf, rhost, luser, ruser, baselen) char *rhost, *luser, *ruser; FILE *hostf; int baselen; { register char *p; char *user, ahost[MAXHOSTNAMELEN]; ^^^^^^^^^^^^^^^^^^^^^^ static int _checkhost(); while (fgets(ahost, sizeof (ahost), hostf)) { p = ahost; while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { *p = isupper(*p) ? tolower(*p) : *p; p++; } if (*p == ' ' || *p == '\t') { *p++ = '\0'; while (*p == ' ' || *p == '\t') p++; user = p; ^^^^^^^^^ This may loose if the buffer is too short while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') p++; } else user = p; *p = '\0'; if (_checkhost(rhost, ahost, baselen) && !strcmp(ruser, *user ? user : luser)) { return (0); } } return (-1); } -- ---------------------------------------------------------------- Cornelis van der Laan -- nils@ims.uni-stuttgart.de -- nils@guru.stgt.sub.org # echo Knusper Knusper Knaeuschen > /etc/nologin