*BSD News Article 28173


Return to BSD News archive

Xref: sserve comp.os.386bsd.bugs:2136 comp.bugs.4bsd:2009
Newsgroups: comp.os.386bsd.bugs,comp.bugs.4bsd
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!howland.reston.ans.net!xlink.net!subnet.sub.net!nadia.stgt.sub.org!delos.stgt.sub.org!guru!nils
From: nils@guru.stgt.sub.org (Cornelis van der Laan)
Subject: Bug in _validuser() in rcmd.c
Message-ID: <NILS.94Mar6230935@guru.stgt.sub.org>
Lines: 59
Sender: nils@guru.stgt.sub.org (Cornelis van der Laan)
Organization: Mehr Anarchie !
Date: Sun, 6 Mar 1994 23:09:35 GMT


I read the code of the _validuser() function in Stevens book 
and detected an error in it (the following code is taken from
the FreeBSD 1.0  distribution and seems not to be corrected):

In the routine a buffer of len MAXHOSTNAMELEN is used to read
in lines from /etc/hosts.equiv, /etc/hosts.lpd and .../.rhosts. 

As we know, the .rhost file contains pairs of host and user
names, of which the hostname can completely fill the buffer 
so that the username must be ignored.

Will someone please correct the buffersize to be at least
MAXHOSTNAMELEN+8+1 ?

Thanks, Nils

==================================== snip snip =======================

_validuser(hostf, rhost, luser, ruser, baselen)
	char *rhost, *luser, *ruser;
	FILE *hostf;
	int baselen;
{
  register char *p;
  char *user, ahost[MAXHOSTNAMELEN];
              ^^^^^^^^^^^^^^^^^^^^^^
  static int _checkhost();

  while (fgets(ahost, sizeof (ahost), hostf)) {
    p = ahost;
    while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
      *p = isupper(*p) ? tolower(*p) : *p;
      p++;
    }
    if (*p == ' ' || *p == '\t') {
      *p++ = '\0';
      while (*p == ' ' || *p == '\t')
	p++;
      user = p;
      ^^^^^^^^^ This may loose if the buffer is too short 
      while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0')
	p++;
    } else
      user = p;
    *p = '\0';
    if (_checkhost(rhost, ahost, baselen) &&
	!strcmp(ruser, *user ? user : luser)) {
      return (0);
    }
  }
  return (-1);
}

--
----------------------------------------------------------------
Cornelis van der Laan -- nils@ims.uni-stuttgart.de
                      -- nils@guru.stgt.sub.org
# echo Knusper Knusper Knaeuschen > /etc/nologin