[2307] in Kerberos-V5-bugs
telnet/71: telnetd's AUTHENTICATION NAME debugging is broken
daemon@ATHENA.MIT.EDU (John Hawkinson)
Sun Oct 6 14:34:15 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: hartmans@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, John Hawkinson <jhawk@bbnplanet.com>
Date: Sun, 6 Oct 1996 14:33:03 -0400
From: John Hawkinson <jhawk@bbnplanet.com>
To: krb5-bugs@MIT.EDU
>Number: 71
>Category: telnet
>Synopsis: telnetd's AUTHENTICATION NAME debugging is broken
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: hartmans
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Oct e 14:34:01 EDT 1996
>Last-Modified:
>Originator:
>Organization:
BBN Planet
>Release: beta-7
>Environment:
System: SunOS all-purpo 4.1.4 4 sun4m
Architecture: sun4
>Description:
Whoever wrote this code just wasn't thinking.
It always prints:
td: recv suboption AUTHENTICATION NAME "
and never prints the actual value.
>How-To-Repeat:
Run telnetd -D options and telnet -a to the server.
>Fix:
(Escaping non-printables may not be strictly necessary, but
it never hurts).
*** src/appl/telnet/telnetd/utility.c 1996/10/06 17:51:57 1.1
--- utility.c 1996/10/06 18:22:53
***************
*** 1020,1028 ****
i = 2;
sprintf(nfrontp, " NAME \"");
nfrontp += strlen(nfrontp);
! while (i < length)
! *nfrontp += pointer[i++];
! *nfrontp += '"';
break;
default:
--- 1020,1034 ----
i = 2;
sprintf(nfrontp, " NAME \"");
nfrontp += strlen(nfrontp);
! while (i < length) {
! if (isprint(pointer[i]))
! *nfrontp++ = pointer[i++];
! else {
! sprintf(nfrontp, "\"%03o",pointer[i++]);
! nfrontp += strlen(nfrontp);
! }
! }
! *nfrontp++ = '"';
break;
default:
>Audit-Trail:
>Unformatted:
