Subject: bin/3399: Strange w output
To: None <gnats-bugs@gnats.netbsd.org>
From: Tatoku Ogaito <tacha@tera.fukui-med.ac.jp>
List: netbsd-bugs
Date: 03/27/1997 19:18:52
>Number:         3399
>Category:       bin
>Synopsis:       Strange w output
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 27 02:35:00 1997
>Last-Modified:
>Originator:     Tatoku Ogaito
>Organization:
-----            : Tatoku Ogaito
   / _  _ _/ _   : Dept. Phys, Fukui Medical School
  / (_|(_ /)(_|  : E-mail: tacha@tera.fukui-med.ac.jp
>Release:        03/24/97
>Environment:
	
System: NetBSD tera.fukui-med.ac.jp 1.2D NetBSD 1.2D (TERA) #71: Tue Mar 25 17:48:03 JST 1997 root@tera.fukui-med.ac.jp:/usr/current/src/sys/arch/i386/compile/TERA i386


>Description:
	When user login from a host which name is longer than UT_HOSTSIZE,
w may output wrong information since w modifies data without boundary check.

>How-To-Repeat:
	Try to login from long hostname at the time, which hexadecimal 
representaion contains `3e'.

[trap]~% finger 
Login    Name                 Tty  Idle  Login Time   Office     Office Phone
tacha    Tatoku Ogaito         p0     -  Mar 27 18:33            x2446
[trap]~% w
 7:13PM  up 1 day, 22:24, 1 user, load averages: 0.06, 0.08, 0.08
USER    TTY FROM              LOGIN@  IDLE WHAT
tacha    p0 tera.fukui-med.a 11Feb97     0 w 


>Fix:
--- ./src/usr.bin/w/w.c.orig	Wed Mar  5 00:56:33 1997
+++ ./src/usr.bin/w/w.c	Thu Mar 27 19:02:01 1997
@@ -292,8 +292,10 @@
 
 	for (ep = ehead; ep != NULL; ep = ep->next) {
 		p = *ep->utmp.ut_host ? ep->utmp.ut_host : "-";
-		if ((x = strchr(p, ':')) != NULL)
+		if ((x = strchr(p, ':')) != NULL && x <= p + UT_HOSTSIZE )
 			*x++ = '\0';
+		else
+			x = NULL;
 		if (!nflag && isdigit(*p) &&
 		    (long)(l = inet_addr(p)) != -1 &&
 		    (hp = gethostbyaddr((char *)&l, sizeof(l), AF_INET))) {

>Audit-Trail:
>Unformatted: