netbsd-bugs: bin/10049: libexec/getty/main.c stuff

Subject: bin/10049: libexec/getty/main.c stuff
To: None <gnats-bugs@gnats.netbsd.org>
From: None <steinarh@pvv.ntnu.no>
List: netbsd-bugs
Date: 05/05/2000 04:48:19
>Number:         10049
>Category:       bin
>Synopsis:       libexec/getty/main.c stuff
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri May 05 04:49:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Steinar Hamre
>Release:        2000-05-04 <NetBSD-current source date>
>Organization:
	
Programvareverkstedet
Norwegian University of Technology and Science
>Environment:
	
System: NetBSD lizard.pvv.ntnu.no 1.4X NetBSD 1.4X (LIZARD) #2: Thu May 4 16:02:17 CEST 2000 root@lizard.pvv.ntnu.no:/usr/src/sys/arch/i386/compile/LIZARD i386


>Description:
	

Possible buffer overflow if %: occurs in gettytab. 

Misplaced }

Rewrite of SCCS-workaround. (Is this still necessary?)

Implemented %c as a way to get a ``:'' character in string.
Example:

Pc2|Pc console 2:\
        :lm=Login%c :tc=Pc

(we might want a more general solution like %072 )

>How-To-Repeat:
	
>Fix:
	

Index: libexec/getty/gettytab.5
===================================================================
RCS file: /cvsroot/basesrc/libexec/getty/gettytab.5,v
retrieving revision 1.24
diff -c -r1.24 gettytab.5
*** gettytab.5	2000/01/04 13:51:55	1.24
--- gettytab.5	2000/05/05 11:43:13
***************
*** 308,313 ****
--- 308,317 ----
  operating system, and version of the kernel, respectively, as
  returned by
  .Xr uname 3 .
+ .It \&%c
+ A
+ .Dq \&:
+ character.
  .It \&%%
  A
  .Dq %
Index: libexec/getty/main.c
===================================================================
RCS file: /cvsroot/basesrc/libexec/getty/main.c,v
retrieving revision 1.31
diff -c -r1.31 main.c
*** main.c	2000/01/14 02:10:08	1.31
--- main.c	2000/05/05 11:43:13
***************
*** 661,672 ****
  			xputs(editedhost);
  			break;
  
! 		case 'd': {
! 			static char fmt[] = "%l:% %p on %A, %d %B %Y";
! 
! 			fmt[4] = 'M';		/* I *hate* SCCS... */
  			(void)time(&t);
! 			(void)strftime(db, sizeof(db), fmt, localtime(&t));
  			xputs(db);
  			break;
  
--- 661,672 ----
  			xputs(editedhost);
  			break;
  
! 		case 'd': 
  			(void)time(&t);
! 			(void)strftime(db, sizeof(db),
! 				/* stupid SCCS eats %M% */
! 				"%l:%M" "%p on %A, %d %B %Y",
! 				localtime(&t));
  			xputs(db);
  			break;
  
***************
*** 685,696 ****
  		case 'v':
  			xputs(kerninfo.version);
  			break;
! 		}
  
  		case '%':
  			putchr('%');
  			break;
  		}
! 		cp++;
  	}
  }
--- 685,699 ----
  		case 'v':
  			xputs(kerninfo.version);
  			break;
! 
! 		case 'c':
! 			putchr(':');
! 			break;
  
  		case '%':
  			putchr('%');
  			break;
  		}
! 		if (*cp) cp++;
  	}
  }
>Release-Note:
>Audit-Trail:
>Unformatted: