pkgsrc-bugs: Re: pkg/23963

Subject: Re: pkg/23963
To: Philippe Oechslin <philippe.oechslin@objectif-securite.ch>
From: Luke Mewburn <lukem@NetBSD.org>
List: pkgsrc-bugs
Date: 06/06/2005 23:11:05
--euFSwY3dVV7YUssO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jun 05, 2005 at 10:37:02PM +0000, Philippe Oechslin wrote:
  |  Hello there,
  |  I have tested tnftp 20050511. The behaviour has changed, but there sti=
ll=20
  |  is a bug.
  | =20
  |  I have downloaded 20050511 and compiled it (./configure, make) on my=
=20
  |  Linux Suse 9.2 distribution.
  | =20
  |  When I give a username that is too long, the rest of the username stay=
s=20
  |  in a buffer and is inserted in the next username. At least there is no=
=20
  |  interaction with later comands.=20
  | =20
  |  Here is an example: the commands that I typed are
  |  - o ftp.microsoft.com
  |  - user AAA..AAcheck_this_outBBB..BBB
  |  - <blank password>
  |  - user <blank username>
  |  - <blank password>
  | =20
  |  tp> o ftp.microsoft.com
  |  Connected to ftp.microsoft.com.
  |  220 Microsoft FTP Service
  |  Name (ftp.microsoft.com:oechslin):=20
  |  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc=
heck_this_outBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBB
  |  331 Password required for=20
  |  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc=
heck_th.
  |  Password:
  |  530 User=20
  |  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc=
heck_th=20
  |  cannot log in.
  |  ftp: Login failed.
  |  ftp> user
  |  (username) 331 Password required for=20
  |  s_outBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBB.
  |  Password:
  |  530 User=20
  |  s_outBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBB=20
  |  cannot log in.
  |  Login failed.
  |    =20
  |  As you can see from the screen dump and from looking at the trafic, th=
e=20
  |  username is trunctated after 78 characters after the initial user=20
  |  command with a long username. When I type a second  user command witho=
ut=20
  |  argument, the rest of the previous username is transmitted. However, t=
he=20
  |  extra data does not seem to interact with later commands as it did whe=
n=20
  |  I discovered the bug.

Is editing enabled or disabled when you attempt this?

Can you run your test with "-d" (debug), and send me the full
output (including the full string that you're using to cause
the problem)?


Thanks,
Luke.

--euFSwY3dVV7YUssO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFCpEtppBhtmn8zJHIRAgbZAJ4wQ3RRjJvuNDjAXgDV1QkbxL/pQQCgnPI7
YZRTfbp5JaJNZmULRGwtx+k=
=zXS7
-----END PGP SIGNATURE-----

--euFSwY3dVV7YUssO--