[2862] in Kerberos-V5-bugs


pending/533: PATCH: krb-1.0.4 util/pty

daemon@ATHENA.MIT.EDU (Larry Schwimmer)
Fri Jan 23 20:23:33 1998

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU,
        Larry Schwimmer <opusl@whatmore.Stanford.EDU>
Date: Fri, 23 Jan 1998 17:22:41 -0800 (PST)
From: Larry Schwimmer <opusl@whatmore.Stanford.EDU>
To: krb5-bugs@MIT.EDU
Cc: schwim@leland.stanford.edu


>Number:         533
>Category:       pending
>Synopsis:       PATCH: krb-1.0.4 util/pty
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Jan 23 20:23:01 EST 1998
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Submitter-Id:	net
Originator:	Larry Schwimmer
Confidential:	no
Synopsis:	
Severity:	serious
Category:	krb5-libs
Class:		sw-bug
Release:	krb5-1.0.4
Environment:

	HP-UX, Linux

Description:

	1.0.4 made some changes to getpty.c, and the code was
unfortunately changed to perform a needless optimization.  strlen was
substituted with sizeof; they are not equivalent.
	
How-To-Repeat:

	Compile 1.0.4.  Install telnetd or klogind.  Watch connections
fail with an unable to allocate pty error.

Fix:

	This reverts the 1.0.4 patch.  Using "sizeof(string) - 1"
instead of strlen(string) would probably also work, but just reverting
seemed safe.  The CPU time required to compute the length of a nine
byte string should be tolerable on today's machines. (-:

--- util/pty/getpty.c.orig	Thu Dec 11 14:10:46 1997
+++ util/pty/getpty.c	Sat Jan 17 14:26:27 1998
***************
*** 111,118 ****
      } else {
      	for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
  	    sprintf(slavebuf,"/dev/ptyXX");
- 	    slavebuf[sizeof("/dev/pty")] = *cp;
- 	    slavebuf[sizeof("/dev/ptyp")] = '0';
  	    if (stat(slavebuf, &stb) < 0)
  		break;
  	    for (i = 0; i < 16; i++) {
--- 111,118 ----
      } else {
      	for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
  	    sprintf(slavebuf,"/dev/ptyXX");
+ 	    slavebuf[strlen("/dev/pty")] = *cp;
+ 	    slavebuf[strlen("/dev/ptyp")] = '0';
  	    if (stat(slavebuf, &stb) < 0)
  		break;
  	    for (i = 0; i < 16; i++) {
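
Review bot: the two restored index lines, slavebuf[strlen("/dev/pty")] and slavebuf[strlen("/dev/ptyp")], still depend on literals that have to stay in step with the "/dev/ptyXX" template in the sprintf just above, and nothing in the code says so. A one-line comment that these are the offsets of the two X characters (8 and 9) would help prevent a repeat of the sizeof substitution, which gives 9 and 10 and therefore leaves the first X in place and overwrites the terminating NUL at slavebuf[10]. If a constant-expression form is wanted later it has to be sizeof(...) - 1, as the submitter notes.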
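
The difference the report describes, as an added example (not part of the original message or of the krb5 source): sizeof on a string literal counts the trailing NUL, so both offsets land one byte late and the second write replaces the terminator. The struct, the function names and the 32-byte sentinel-filled buffer are assumptions made for this demonstration.

```c
#include <stdio.h>
#include <string.h>

#define TEMPLATE "/dev/ptyXX"   /* same template the patched code writes */

/* Result of filling in the bank letter and unit digit (hypothetical type). */
struct pty_name {
    char buf[32];     /* larger than the template so the late write stays in bounds */
    int  terminated;  /* 1 if the NUL that follows the template survived */
};

/* Fill the template using the two offsets the caller supplies. */
static struct pty_name fill(size_t bank_off, size_t unit_off, char bank)
{
    struct pty_name n;
    memset(n.buf, '#', sizeof n.buf);   /* sentinel bytes make a lost NUL visible */
    n.buf[sizeof n.buf - 1] = '\0';
    strcpy(n.buf, TEMPLATE);
    n.buf[bank_off] = bank;
    n.buf[unit_off] = '0';
    n.terminated = (n.buf[strlen(TEMPLATE)] == '\0');
    return n;
}

/* Offsets as in the 1.0.4 code: sizeof includes the literal's trailing NUL. */
struct pty_name fill_with_sizeof(char bank)
{
    return fill(sizeof("/dev/pty"), sizeof("/dev/ptyp"), bank);
}

/* Offsets as in the reverted code: strlen stops before the NUL. */
struct pty_name fill_with_strlen(char bank)
{
    return fill(strlen("/dev/pty"), strlen("/dev/ptyp"), bank);
}

int main(void)
{
    struct pty_name bad = fill_with_sizeof('p');
    struct pty_name good = fill_with_strlen('p');
    printf("sizeof: terminated=%d name=%.14s\n", bad.terminated, bad.buf);
    printf("strlen: terminated=%d name=%s\n", good.terminated, good.buf);
    return 0;
}
```

In the real code slavebuf has no sentinel padding, so the path handed to stat() in the sizeof case runs on into whatever bytes follow the template.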

