[13131] in Athena Bugs
finger bug
daemon@ATHENA.MIT.EDU (aellwood@MIT.EDU)
Thu Jan 26 19:08:57 1995
From: aellwood@MIT.EDU
Date: Thu, 26 Jan 95 19:08:50 -0500
To: bugs@MIT.EDU
Hi, I maintain the electric-monk finger service. One of its users
reported a bug, and it appears that since the electric-monk finger was
derived from the athena finger, they share this bug.
The bug is this: When fingering a person with a really long tty on a
DEC, the hostname of the machine they are on is left off.
e.g.:
athena% finger ericding
Local:
Login name: ericding In real life: ???
Athena-wide:
Login name: ericding In real life: Eric J. Ding
Nickname: Cricket
Office: 11-115, 617-253-1923 Home phone: 617-225-9424
Directory: /mit/ericding Shell: /afs/sipb/project/tcsh/tcsh
On since Thu Jan 26 16:32:13 1995 on hesed:0.0 on host
No Plan.
Basically the problem is that there is no bounds checking when the tty and
hostname are copied from the Z_location structure (called location in
the code below) to the person structure defined by finger (called q in
the code below). The hostname copies fine because the host field of
the person structure is 1024 characters long (BUFSIZ).
But in the case above the tty field of the person structure has room
for only 9 characters (LMAX + 1) and the tty field of the Z_location
structure is 10 characters long (hesed:0.0 plus the null character).
So when hesed:0.0 is copied from Z_location structure into the person
structure, the null character is written off the end of the tty field
in the first character of the host field. So the host becomes an empty
string. Doh.
Here is my fix, which is basically to not copy off the end of either
structure and to make the last character the null character in case we
would have run over. You might also want to make the tty field of the
person structure larger so that ttys don't get truncated at 8
characters. Currently it's based on the size of the ut_line field of
the utmp structure, which is only 8 chars on the DECs (32 on the Suns,
which is why you don't see this problem there).
(From line 516 of /source/athena/athena.bin/finger/finger.c)
Replace this:
--------------------------------------------------------------------------------
for (i = 1; i <= znloc; i++) {
    if ((state = ZGetLocations(&location, &numloc))
        != 0)
        break;
    else {
        (void) strcpy(q->host, location.host);
        q->logintime = location.time;
        (void) strcpy(q->tty,
                      location.tty);
        q->loggedin = 1;
        /* if we can zlocate them, we can
         * zwrite them -- if they're
         * subscribing. */
        q->writable = 1;
    }
}
--------------------------------------------------------------------------------
With this:
--------------------------------------------------------------------------------
for (i = 1; i <= znloc; i++) {
    if ((state = ZGetLocations(&location, &numloc))
        != 0)
        break;
    else {
**changed>>     (void) strncpy(q->host,
                       location.host,
                       sizeof(q->host));
**added>>       q->host[sizeof(q->host) - 1] = 0;
        q->logintime = location.time;
**changed>>     (void) strncpy(q->tty,
                       location.tty,
                       sizeof(q->tty));
**added>>       q->tty[sizeof(q->tty) - 1] = 0;
        q->loggedin = 1;
        /* if we can zlocate them, we can
         * zwrite them -- if they're
         * subscribing. */
        q->writable = 1;
    }
}
--------------------------------------------------------------------------------
Hope this helps,
Alexandra Ellwood
IS/DCNS MIT
(aellwood@mit.edu)
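The off-by-one described in the report, reconstructed as a stand-alone added example (not code from the Athena finger sources or from the report's author): a person structure with a 9-byte tty field (LMAX + 1, the DEC ut_line width plus terminator) directly followed by the host field, the bounded copy the fix uses, and a check that tells you whether a plain strcpy of a given string would have run past the field. The struct, the field sizes and the sample values "hesed:0.0" and "hesed.mit.edu" are constructed here to match the numbers in the report; the function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

#define LMAX 8         /* ut_line width on the DECs, per the report (constructed constant) */
#define HOST_MAX 1024  /* BUFSIZ on that platform, per the report (constructed constant) */

/* Mirrors the layout the report describes: tty holds LMAX + 1 bytes and
 * host sits right after it, so a one-byte overrun of tty lands on host[0]. */
struct person {
    char tty[LMAX + 1];
    char host[HOST_MAX];
};

/* Would a plain strcpy of src into a field of `size` bytes write past it?
 * strcpy needs strlen(src) + 1 bytes for the characters plus the terminator. */
int would_overflow(const char *src, size_t size)
{
    return strlen(src) + 1 > size;
}

/* The bounded copy from the fix: strncpy never writes past dst, and forcing
 * the last byte to NUL guarantees a terminated string when src was too long. */
static void bounded_copy(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    dst[dstsize - 1] = '\0';
}

/* Fill q from a location record the way the patched finger does.
 * Returns 1 if the tty had to be truncated (worth reporting: strncpy is
 * silent about it), 0 otherwise. Copies host first, as the original code
 * does, so a tty overrun would have clobbered it. */
int fill_person(struct person *q, const char *loc_tty, const char *loc_host)
{
    bounded_copy(q->host, sizeof q->host, loc_host);
    bounded_copy(q->tty, sizeof q->tty, loc_tty);
    return strlen(loc_tty) >= sizeof q->tty;
}

int main(void)
{
    struct person q;
    const char *tty = "hesed:0.0";   /* constructed: 9 chars + NUL = 10 bytes */
    const char *host = "hesed.mit.edu";

    printf("strcpy of \"%s\" into %zu-byte tty overflows: %s\n",
           tty, sizeof q.tty, would_overflow(tty, sizeof q.tty) ? "yes" : "no");

    int truncated = fill_person(&q, tty, host);
    printf("tty=\"%s\" host=\"%s\" truncated=%d\n", q.tty, q.host, truncated);
    return 0;
}
```

The truncation flag is the caveat the report's "make the tty field larger" remark points at: the fix stops the overwrite, but an X display name such as hesed:0.0 still comes out as hesed:0. until the field grows, so a caller that cares should either widen the field or surface the flag rather than silently show a shortened tty.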