From jhawk@MIT.EDU  Sun Oct  6 14:33:06 1996
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA04541 for <bugs@RT-11.MIT.EDU>; Sun, 6 Oct 1996 14:33:05 -0400
Received: from LOLA-GRANOLA.MIT.EDU by MIT.EDU with SMTP
	id AA15979; Sun, 6 Oct 96 14:33:05 EDT
Received: (from jhawk@localhost) by lola-granola.MIT.EDU (8.6.12/8.6.12) id OAA24614; Sun, 6 Oct 1996 14:33:03 -0400
Message-Id: <199610061833.OAA24614@lola-granola.MIT.EDU>
Date: Sun, 6 Oct 1996 14:33:03 -0400
From: John Hawkinson <jhawk@bbnplanet.com>
To: krb5-bugs@MIT.EDU
Subject: telnetd's AUTHENTICATION NAME debugging is broken

>Number:         71
>Category:       telnet
>Synopsis:       telnetd's AUTHENTICATION NAME debugging is broken
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    hartmans
>State:          closed
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Sun Oct e 14:34:01 EDT 1996
>Last-Modified:  Mon Oct e 01:58:29 EDT 1996
>Originator:     
>Organization:
		 BBN Planet
>Release:        beta-7
>Environment:
System: SunOS all-purpo 4.1.4 4 sun4m
Architecture: sun4

>Description:

Whoever wrote this code just wasn't thinking.
It always prints:

	td: recv suboption AUTHENTICATION NAME "

and never prints the actual value.

>How-To-Repeat:

	Run telnetd -D options and telnet -a to the server.
	
>Fix:

(Escaping non-printables may not be strictly necessary, but
it never hurts).
	
*** src/appl/telnet/telnetd/utility.c	1996/10/06 17:51:57	1.1
--- utility.c	1996/10/06 18:22:53
***************
*** 1020,1028 ****
  		i = 2;
  		sprintf(nfrontp, " NAME \"");
  		nfrontp += strlen(nfrontp);
! 		while (i < length)
! 		    *nfrontp += pointer[i++];
! 		*nfrontp += '"';
  		break;
  
  	    default:
--- 1020,1034 ----
  		i = 2;
  		sprintf(nfrontp, " NAME \"");
  		nfrontp += strlen(nfrontp);
! 		while (i < length) {
! 		    if (isprint(pointer[i]))
! 			*nfrontp++ = pointer[i++];
! 		    else {
! 			sprintf(nfrontp, "\"%03o",pointer[i++]);
! 		    	nfrontp += strlen(nfrontp);
! 		    }
! 		}
! 		*nfrontp++ = '"';
  		break;
  
  	    default:

>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Mon Oct 14 01:58:19 1996
State-Changed-Why:
Fixed: patch applied.

>Unformatted: