Return to BSD News archive
Xref: sserve comp.os.386bsd.bugs:2137 comp.bugs.4bsd:2010 Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!pipex!uknet!EU.net!sun4nl!fwi.uva.nl!casper From: casper@fwi.uva.nl (Casper H.S. Dik) Newsgroups: comp.os.386bsd.bugs,comp.bugs.4bsd Subject: Re: Bug in _validuser() in rcmd.c Date: 7 Mar 1994 17:50:33 GMT Organization: FWI, University of Amsterdam Lines: 27 Distribution: world Message-ID: <2lfph9$rg7@mail.fwi.uva.nl> References: <NILS.94Mar6230935@guru.stgt.sub.org> NNTP-Posting-Host: adam.fwi.uva.nl nils@guru.stgt.sub.org (Cornelis van der Laan) writes: >I read the code of the _validuser() function in Stevens book >and detected an error in it (the following code is taken from >the FreeBSD 1.0 distribution and seems not to be corrected): >In the routine a buffer of len MAXHOSTNAMELEN is used to read >in lines from /etc/hosts.equiv, /etc/hosts.lpd and .../.rhosts. >As we know, the .rhost file contains pairs of host and user >names, of which the hostname can completely fill the buffer >so that the username must be ignored. >Will someone please correct the buffersize to be at least >MAXHOSTNAMELEN+8+1 ? >Thanks, Nils It's not that important. And even then, MAXHOSTNAMELEN+8+1 may not be enough. You're allowed to put as many spaces between the hostname and the user name as you please. The code should check whether it reads to few bytes (i.e., no trailing \n) and throw away the buffer in that case and the rest of the input line. Casper