YARB (yet another rexec bug!)
Brian Atkins
atkins at opus.UUCP
Fri May 17 06:44:44 AEST 1985
In rexecd.c there is an off-by-one error in getstr.
strings can only by n-1 characters long where n is the size of the buffer
passed into getstr.
***************************************************************
getstr(buf, cnt, err)
char *buf;
int cnt;
char *err;
{
char c;
do {
if (read(0, &c, 1) != 1)
exit(1);
*buf++ = c;
if (--cnt == 0) { <*** craps out on nth char
error("%s too long\n", err);
exit(1);
}
} while (c != 0);
}
***************************************************************
Here is a fix, simple as it is.
***************************************************************
getstr(buf2, cnt, err)
char *buf2;
int cnt;
char *err;
{
char c, *buf;
buf = buf2;
do {
if (cnt-- == 0) {
printf("%s too long\n", err);
exit(1);
}
if (read(0, &c, 1) != 1)
exit(1);
*buf++ = c;
} while (c != 0);
}
***************************************************************
[FLAME ON (for those of you in net.bugs)]
Let me ask, one again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
More importantly, what punishment has been given!
Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list