YARB (yet another rexec bug!)
PAD Powell
padpowell at wateng.UUCP
Sat May 18 21:57:30 AEST 1985
In article <1204 at opus.UUCP> atkins at opus.UUCP (Brian Atkins) writes:
>
> In rexecd.c there is an off-by-one error in getstr.
>strings can only by n-1 characters long where n is the size of the buffer
>passed into getstr.
>***************************************************************
>
>***************************************************************
>Here is a fix, simple as it is.
>***************************************************************
>
>getstr(buf2, cnt, err)
> char *buf2;
> int cnt;
> char *err;
>{
> char c, *buf;
>
> buf = buf2;
> do {
> if (cnt-- == 0) {
> printf("%s too long\n", err);
> exit(1);
> }
> if (read(0, &c, 1) != 1)
> exit(1);
> *buf++ = c;
> } while (c != 0);
**** *buff = '\0'; <--- terminating 0
>}
>
>***************************************************************
>Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
>NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710
Don't forget to add the terminating 0.
Patrick Powell
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list