Bug in finger.c
Keith Gabryelski
ag at amix.commodore.com
Mon May 27 01:10:06 AEST 1991
Crossposted to comp.bugs.sys5 becausethe bug is in SVR4, also.
In article <7961 at awdprime.UUCP> jfh at greenber.austin.ibm.com (John F Haugh II)
writes:
>In .../src/ucb/finger.c, there is a code fragment down around line 1074
>(version 5.8 dated 3/13/86) that reads
>
> if (isprint(c) || isspace(c))
> putchar(c);
> else
> putchar(c ^ 100);
>
>Now what are they doing XOR'ing that poor character against 100 =decimal=?
I noticed this happens in three places in the code. Even if the
code used ``c ^ 0100'' a user could still send a CSI (0x9b).
Pax, Keith
Ps, My diffs: (for a SVR4 machine so line numbers may be bogus)
*** finger.c- Sun May 26 10:49:02 1991
--- finger.c Sun May 26 10:50:28 1991
***************
*** 491,497 ****
if (isprint(c) || isspace(c))
putchar(c);
else
! putchar(c ^ 100);
}
fclose(fp);
putchar('\n');
--- 491,497 ----
if (isprint(c) || isspace(c))
putchar(c);
else
! break;
}
fclose(fp);
putchar('\n');
***************
*** 511,517 ****
if (isprint(c) || isspace(c))
putchar(c);
else
! putchar(c ^ 100);
fclose(fp);
}
free(s);
--- 511,517 ----
if (isprint(c) || isspace(c))
putchar(c);
else
! break;
fclose(fp);
}
free(s);
***************
*** 1022,1028 ****
if (isprint(c) || isspace(c))
putchar(c);
else
! putchar(c ^ 100);
}
if (lastc != '\n')
putchar('\n');
--- 1022,1028 ----
if (isprint(c) || isspace(c))
putchar(c);
else
! break;
}
if (lastc != '\n')
putchar('\n');
--
Keith Gabryelski Advanced Products Group
ag at amix.commodore.com ...!cbmvax!amix!ag
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list