netbsd-bugs: bin/7399: dhcpd backspacing

Subject: bin/7399: dhcpd backspacing
To: None <gnats-bugs@gnats.netbsd.org>
From: None <sborrill@precedence.co.uk>
List: netbsd-bugs
Date: 04/16/1999 02:35:55
>Number:         7399
>Category:       bin
>Synopsis:       \ in filenames in dhcpd causes a backspace
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 16 02:35:00 1999
>Last-Modified:
>Originator:     Stephen Borrill
>Organization:
	Precedence Technologies Ltd, Cambridge, UK.
>Release:        Fri Apr 16 09:15:28 BST 1999
>Environment:
	
System: NetBSD black 1.3G NetBSD 1.3G (RPCFW192G) #1: Mon Oct 19 15:54:01 BST 1998 root@black:/usr/export/home/root/riscpc/src/sys/arch/arm32/compile/RPCFW192G arm32


>Description:
man dhcpd.conf says:
       The  filename statement can be used to specify the name of
       the initial boot file which is to be loaded by  a  client.
       The filename should be a filename recognizable to whatever
       file transfer protocol the client can be expected  to  use
       to load the file.

However, the parser is written so that a backslash (\) in the filename
is skipped. Not only that, it leaves the previous character in the output
buffer. This means that valid Microsoft UNC pathnames (\\SERVER\SHARE)
get mangled. This severely breaks the cross platform usage of NetBSD dhcpd.

>How-To-Repeat:
Have the following line in a dhcpd.conf file:
filename "\\SERVER\SHARE\FILENAME";
When parsed this returns the following where * represents whatever was in
the output buffer beforehand (it's not initialised in the read_string()
function:
*\SERVER*SHARE*FILENAME

In my configuration this returns: f\SERVER

>Fix:
Comment out the broken code. Patch follows:

--- conflex.c.orig      Fri Apr 16 09:09:16 1999
+++ conflex.c   Fri Apr 16 09:46:16 1999
@@ -251,7 +251,7 @@
        FILE *cfile;
 {
        int i;
-       int bs = 0;
+       /* int bs = 0; */
        int c;
 
        for (i = 0; i < sizeof tokbuf; i++) {
@@ -260,12 +260,14 @@
                        parse_warn ("eof in string constant");
                        break;
                }
-               if (bs) {
+/*             if (bs) {
                        bs = 0;
                        tokbuf [i] = c;
                } else if (c == '\\')
                        bs = 1;
-               else if (c == '"')
+               else
+*/ 
+               if (c == '"')
                        break;
                else
                        tokbuf [i] = c;

>Audit-Trail:
>Unformatted: