[1320] in Athena Bugs
4.3BSD writed bug
daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Mon Nov 7 01:20:34 1988
Date: Mon, 7 Nov 88 01:20:11 EST
From: Mark W. Eichin <eichin@ATHENA.MIT.EDU>
To: bugs@ATHENA.MIT.EDU
System type, version: /source/4.3/bin/etc/writed.c
What's wrong:
main(argc, argv)
char *argv[];
{
...
char line[512];
...
gets(line);
...
execv("/bin/write", av);
_exit(1);
}
This is a similar piece of code to that in the finger daemon; note
however that it is NOT at risk in the same way, since the procedure
never returns.
Fix: as usual, change gets(line); to fgets(line, 512, stdin);. Also,
for cleanliness, DON'T use 512, use BUFSIZ (from <stdio.h>.)
What should have happened:
gets shouldn't be used, and should be better documented so people
don't make these mistakes...
Mark Eichin
<eichin@athena.mit.edu>
SIPB Member & Project Athena ``Watchmaker''
