Skip Menu |
 

History Show all quoted textShow full headers
# Mon Aug 19 14:23:44 2002 The RT System itself - Default: Import/ changed from (no value) to (no value)
Download (untitled) / with headers
text/plain 3KiB
From ken@lassa.kwd.com Tue Jan 27 14:06:15 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA02360 for <bugs@RT-11.MIT.EDU>; Tue, 27 Jan 1998 14:06:14 -0500
Received: from lassa.KWD.COM by MIT.EDU with SMTP
id AA02744; Tue, 27 Jan 98 14:06:20 EST
Received: (from ken@localhost) by lassa.kwd.com (8.8.5/8.7.3) id OAA04368; Tue, 27 Jan 1998 14:05:57 -0500 (EST)
Message-Id: <199801271905.OAA04368@lassa.kwd.com>
Date: Tue, 27 Jan 1998 14:05:57 -0500 (EST)
From: Ken Dahl <ken@lassa.kwd.com>
Reply-To: ken@lassa.kwd.com
To: krb5-bugs@MIT.EDU
Subject: pty_getpty() broken under BSD
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 539
>Category: pty
>Synopsis: pty_getpty() broken under BSD
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jan 27 14:07:03 EST 1998
>Last-Modified: Tue Jan 27 22:34:05 EST 1998
>Originator: Ken Dahl
>Organization:

Show quoted text
>Release: krb5-1.0.4
>Environment:

System: BSD/OS lassa.kwd.com 3.1 BSDI BSD/OS 3.1 Kernel #6: Mon Nov 3 10:24:17 EST 1997 ken@lassa.kwd.com:/usr/src/sys/compile/LASSA i386


Show quoted text
>Description:
There are off-by-one errors in pty_getpty() caused by use of
sizeof rather than strlen. I have made a patch that uses numeric
constants instead of either sizeof or strlen since I find the constants
to be just as readble, AND unambiguous. The patch is based on working
kerberosIV source from BSDI.

Show quoted text
>How-To-Repeat:

Show quoted text
>Fix:
*** src/util/pty/getpty.c.orig Tue Jan 27 13:19:07 1998
--- src/util/pty/getpty.c Tue Jan 27 13:47:48 1998
***************
*** 109,127 ****
strncpy(slave, slavebuf, slavelength);
return 0;
} else {
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
! sprintf(slavebuf,"/dev/ptyXX");
! slavebuf[sizeof("/dev/pty")] = *cp;
! slavebuf[sizeof("/dev/ptyp")] = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
! slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
*fd = open(slavebuf, O_RDWR);
if (*fd < 0) continue;

/* got pty */
! slavebuf[strlen("/dev/")] = 't';
if (strlen(slavebuf) > slavelength -1) {
close(*fd);
*fd = -1;
--- 109,132 ----
strncpy(slave, slavebuf, slavelength);
return 0;
} else {
+ char *p1, *p2;
+
+ sprintf(slavebuf,"/dev/ptyXX");
+ p1 = &slavebuf[8];
+ p2 = &slavebuf[9];
+
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
! *p1 = *cp;
! *p2 = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
! *p2 = "0123456789abcdef"[i];
*fd = open(slavebuf, O_RDWR);
if (*fd < 0) continue;

/* got pty */
! slavebuf[5] = 't';
if (strlen(slavebuf) > slavelength -1) {
close(*fd);
*fd = -1;
Show quoted text
>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Jan 27 22:33:49 1998
State-Changed-Why:

This is a known bug and will be fixed in the 1.0.5 patch release.

Show quoted text
>Unformatted:
# Mon Aug 19 14:23:45 2002 The RT System itself - Component pty added
# Mon Aug 19 14:23:45 2002 The RT System itself - Version_reported 1.0.4 added
# Wed Mar 12 00:31:34 2003 tlyu (Taylor Yu) - Version_Fixed 1.2 added