From ken@lassa.kwd.com Tue Jan 27 14:06:15 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA02360 for <bugs@RT-11.MIT.EDU>; Tue, 27 Jan 1998 14:06:14 -0500
Received: from lassa.KWD.COM by MIT.EDU with SMTP
id AA02744; Tue, 27 Jan 98 14:06:20 EST
Received: (from ken@localhost) by lassa.kwd.com (8.8.5/8.7.3) id OAA04368; Tue, 27 Jan 1998 14:05:57 -0500 (EST)
Message-Id: <199801271905.OAA04368@lassa.kwd.com>
Date: Tue, 27 Jan 1998 14:05:57 -0500 (EST)
From: Ken Dahl <ken@lassa.kwd.com>
Reply-To: ken@lassa.kwd.com
To: krb5-bugs@MIT.EDU
Subject: pty_getpty() broken under BSD
X-Send-Pr-Version: 3.99
System: BSD/OS lassa.kwd.com 3.1 BSDI BSD/OS 3.1 Kernel #6: Mon Nov 3 10:24:17 EST 1997 ken@lassa.kwd.com:/usr/src/sys/compile/LASSA i386
sizeof rather than strlen. I have made a patch that uses numeric
constants instead of either sizeof or strlen since I find the constants
to be just as readble, AND unambiguous. The patch is based on working
kerberosIV source from BSDI.
--- src/util/pty/getpty.c Tue Jan 27 13:47:48 1998
***************
*** 109,127 ****
strncpy(slave, slavebuf, slavelength);
return 0;
} else {
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
! sprintf(slavebuf,"/dev/ptyXX");
! slavebuf[sizeof("/dev/pty")] = *cp;
! slavebuf[sizeof("/dev/ptyp")] = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
! slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
*fd = open(slavebuf, O_RDWR);
if (*fd < 0) continue;
/* got pty */
! slavebuf[strlen("/dev/")] = 't';
if (strlen(slavebuf) > slavelength -1) {
close(*fd);
*fd = -1;
--- 109,132 ----
strncpy(slave, slavebuf, slavelength);
return 0;
} else {
+ char *p1, *p2;
+
+ sprintf(slavebuf,"/dev/ptyXX");
+ p1 = &slavebuf[8];
+ p2 = &slavebuf[9];
+
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
! *p1 = *cp;
! *p2 = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
! *p2 = "0123456789abcdef"[i];
*fd = open(slavebuf, O_RDWR);
if (*fd < 0) continue;
/* got pty */
! slavebuf[5] = 't';
if (strlen(slavebuf) > slavelength -1) {
close(*fd);
*fd = -1;
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Jan 27 22:33:49 1998
State-Changed-Why:
This is a known bug and will be fixed in the 1.0.5 patch release.
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA02360 for <bugs@RT-11.MIT.EDU>; Tue, 27 Jan 1998 14:06:14 -0500
Received: from lassa.KWD.COM by MIT.EDU with SMTP
id AA02744; Tue, 27 Jan 98 14:06:20 EST
Received: (from ken@localhost) by lassa.kwd.com (8.8.5/8.7.3) id OAA04368; Tue, 27 Jan 1998 14:05:57 -0500 (EST)
Message-Id: <199801271905.OAA04368@lassa.kwd.com>
Date: Tue, 27 Jan 1998 14:05:57 -0500 (EST)
From: Ken Dahl <ken@lassa.kwd.com>
Reply-To: ken@lassa.kwd.com
To: krb5-bugs@MIT.EDU
Subject: pty_getpty() broken under BSD
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 539
>Category: pty
>Synopsis: pty_getpty() broken under BSD
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jan 27 14:07:03 EST 1998
>Last-Modified: Tue Jan 27 22:34:05 EST 1998
>Originator: Ken Dahl
>Organization:
>Category: pty
>Synopsis: pty_getpty() broken under BSD
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jan 27 14:07:03 EST 1998
>Last-Modified: Tue Jan 27 22:34:05 EST 1998
>Originator: Ken Dahl
>Organization:
Show quoted text
>Release: krb5-1.0.4
>Environment:
>Environment:
System: BSD/OS lassa.kwd.com 3.1 BSDI BSD/OS 3.1 Kernel #6: Mon Nov 3 10:24:17 EST 1997 ken@lassa.kwd.com:/usr/src/sys/compile/LASSA i386
Show quoted text
>Description:
There are off-by-one errors in pty_getpty() caused by use ofsizeof rather than strlen. I have made a patch that uses numeric
constants instead of either sizeof or strlen since I find the constants
to be just as readble, AND unambiguous. The patch is based on working
kerberosIV source from BSDI.
Show quoted text
>How-To-Repeat:
Show quoted text
>Fix:
*** src/util/pty/getpty.c.orig Tue Jan 27 13:19:07 1998--- src/util/pty/getpty.c Tue Jan 27 13:47:48 1998
***************
*** 109,127 ****
strncpy(slave, slavebuf, slavelength);
return 0;
} else {
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
! sprintf(slavebuf,"/dev/ptyXX");
! slavebuf[sizeof("/dev/pty")] = *cp;
! slavebuf[sizeof("/dev/ptyp")] = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
! slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
*fd = open(slavebuf, O_RDWR);
if (*fd < 0) continue;
/* got pty */
! slavebuf[strlen("/dev/")] = 't';
if (strlen(slavebuf) > slavelength -1) {
close(*fd);
*fd = -1;
--- 109,132 ----
strncpy(slave, slavebuf, slavelength);
return 0;
} else {
+ char *p1, *p2;
+
+ sprintf(slavebuf,"/dev/ptyXX");
+ p1 = &slavebuf[8];
+ p2 = &slavebuf[9];
+
for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
! *p1 = *cp;
! *p2 = '0';
if (stat(slavebuf, &stb) < 0)
break;
for (i = 0; i < 16; i++) {
! *p2 = "0123456789abcdef"[i];
*fd = open(slavebuf, O_RDWR);
if (*fd < 0) continue;
/* got pty */
! slavebuf[5] = 't';
if (strlen(slavebuf) > slavelength -1) {
close(*fd);
*fd = -1;
Show quoted text
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Jan 27 22:33:49 1998
State-Changed-Why:
This is a known bug and will be fixed in the 1.0.5 patch release.
Show quoted text
>Unformatted: