[5779] in Athena Bugs
vax 7.1D: moira
daemon@ATHENA.MIT.EDU (marc@MIT.EDU)
Mon Aug 20 18:04:37 1990
From: marc@MIT.EDU
To: bugs@ATHENA.MIT.EDU
Date: Mon, 20 Aug 90 18:04:15 EDT
System name: beeblebrox
Type and version: CVAXSTAR 7.1D (3 update(s) to same version)
Display type: SM
What were you trying to do?
build moira off-site
What's wrong:
there are static buffers which are far too small. I ran into it
in src/gen/nfs.qc (/mit/moiradev in Athena's tree). On line
284:
    char file[64], f1[64], f2[64], *cp, *index();
64 characters is far too small for a pathname. In my case, f2
was exactly 64 characters long, so the first char of f1 was overlaid
by a \0, making the bug even more subtle. Needless to say, the link()
call later in the function returned an error.
What should have happened:
Every place a static buffer for a filename is allocated, it
should be MAX_PATH bytes long. In nfs.qc, static buffers are used for
sprintf targets for system() commands, as well. For example:
    if (argc == 2) {
        sprintf(cmd, "cd %s; cp %s/nfs/* .; tar cf %s .",
                nfs_dir, SMS_DIR, argv[1]);
        if (system(cmd))
            exit(MR_TAR_FAIL);
    }
Out of the 64 characters allocated for cmd, 28 are already used, 32
if you look at how nfs_dir is created. This leaves 32 characters
(total!) for DCM_DIR, SMS_DIR, and argv[1]. At Athena, DCM_DIR and
SMS_DIR are 10 bytes and 6 bytes. argv[1] is "nfs.out", 7 chars.
This leaves sites 9 whole characters for larger filenames. I'd
recommend that cmd be at least PATH_MAX+30 bytes long.
Also, there might be some problems with empty loops in nfs.qc. Every
occurrence of fclose(fd) in do_machs should check that fd != stdin.
mar will know what I mean here.
Please describe any relevant documentation references:
Use the Force, Read the Source
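
The bounded formatting this report asks for, as an added example that is not part of the original message or of Moira's source: every sprintf() target is sized from PATH_MAX and the result is checked for truncation before it is used. fmt_checked and build_tar_cmd are hypothetical helper names, the directory names are constructed, and a C99 libc providing vsnprintf() is assumed.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096            /* fallback when <limits.h> lacks it */
#endif

/* Format into dst[size]. Returns 0 on success, -1 if the result plus its
 * terminating NUL does not fit; dst is emptied rather than left truncated. */
int fmt_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size) {
        if (size > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Same format string as the report's sprintf(); the three arguments stand
 * in for nfs_dir, SMS_DIR and argv[1]. */
int build_tar_cmd(char *cmd, size_t size, const char *nfs_dir,
                  const char *sms_dir, const char *out)
{
    return fmt_checked(cmd, size, "cd %s; cp %s/nfs/* .; tar cf %s .",
                       nfs_dir, sms_dir, out);
}

int main(void)
{
    char name[65], small[64], cmd[PATH_MAX + 30];

    memset(name, 'a', 64);       /* constructed 64-character file name */
    name[64] = '\0';
    printf("64-byte buffer: %d\n", fmt_checked(small, sizeof small, "%s", name));
    /* constructed directory names, not Athena's real paths */
    if (build_tar_cmd(cmd, sizeof cmd, "/site/dcm/nfs", "/site/sms", name) == 0)
        puts(cmd);
    return 0;
}
```

A 64-character name is rejected for a 64-byte buffer because the terminating NUL needs a 65th byte, which is the byte that landed in f1[0] in the report.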