[2858] in Kerberos-V5-bugs
pty/529: getpty problem under BSD 4.4
daemon@ATHENA.MIT.EDU (Chris P. Ross)
Mon Jan 19 17:04:09 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: hartmans@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, cross@va.pubnix.com
Date: Mon, 19 Jan 1998 17:03:47 -0500 (EST)
From: cross@va.pubnix.com (Chris P. Ross)
Reply-To: cross@va.pubnix.com
To: krb5-bugs@MIT.EDU
Cc: cross@va.pubnix.com
>Number: 529
>Category: pty
>Synopsis: getpty fails on BSD/OS 3.x (and presumedly other BSD 4.4 variants)
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: hartmans
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Jan 19 17:04:01 EST 1998
>Last-Modified:
>Originator: Chris P. Ross
>Organization:
UUNET Technologies
>Release: krb5-1.0.4
>Environment:
BSD/OS 3.0 and 3.1, intel and sparc
>Description:
Compile telnetd or rlogind, and try to use it. It will not work,
failing to find a valid pty...
>How-To-Repeat:
same...
>Fix:
Stop using all of strlen("foo"), sizeof("foo"), and (strlen("foo") - 1)
in the same function. Makes it hard to see this kind of bug.
>Audit-Trail:
>Unformatted:
>System: BSD/OS ballista.va.pubnix.com 3.1 BSDI BSD/OS 3.1 Kernel #5: Fri Nov 21 16:28:46 EST 1997 lidl@pembroke.va.pubnix.com:/export/src/bsdi/sys/compile/DESKTOP i386
>Patch:
Index: getpty.c
===================================================================
RCS file: /export/src/CVS/usr.local/krb5/src/util/pty/getpty.c,v
retrieving revision 1.1.1.2
retrieving revision 1.2
diff -c -r1.1.1.2 -r1.2
*** getpty.c 1997/12/17 15:18:20 1.1.1.2
--- getpty.c 1998/01/13 12:46:54 1.2
***************
*** 111,118 ****
} else {
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
sprintf(slavebuf,"/dev/ptyXX");
! slavebuf[sizeof("/dev/pty")] = *cp;
! slavebuf[sizeof("/dev/ptyp")] = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
--- 111,118 ----
} else {
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
sprintf(slavebuf,"/dev/ptyXX");
! slavebuf[strlen("/dev/pty")] = *cp;
! slavebuf[strlen("/dev/ptyp")] = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
