Subject: bin/2287: rcs "uses gets(), which is unsafe"
To: None <gnats-bugs@NetBSD.ORG>
From: Matt Beal <beal@umiacs.UMD.EDU>
List: netbsd-bugs
Date: 04/02/1996 01:07:26
>Number: 2287
>Category: bin
>Synopsis: rcs "uses gets(), which is unsafe"
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Apr 2 01:35:01 1996
>Last-Modified:
>Originator: Matt Beal
>Organization:
UMIACS, University of Maryland
>Release: 1.1B supped 3/21
>Environment:
System: NetBSD dilbert.umiacs.umd.edu 1.1B NetBSD 1.1B (DILBERT) #17: Fri Mar 22 17:19:15 EST 1996 root@:/usr/src-1.1B/sys/arch/i386/compile/DILBERT i386
>Description:
gnu's rcs "uses gets(), which is unsafe"
>How-To-Repeat:
N/A
>Fix:
2 patches:
#1:
diff -c -r1.1 -r1.2
*** /usr/src/gnu/usr.bin/rcs/lib/maketime.c 1996/04/02 05:58:43 1.1
--- /usr/src/gnu/usr.bin/rcs/lib/maketime.c 1996/04/02 05:59:30 1.2
***************
*** 305,311 ****
time_t default_time = time((time_t *)0);
int default_zone = argv[1] ? atoi(argv[1]) : 0;
char buf[1000];
! while (gets(buf)) {
time_t t = str2time(buf, default_time, default_zone);
printf("%s", asctime(gmtime(&t)));
}
--- 305,311 ----
time_t default_time = time((time_t *)0);
int default_zone = argv[1] ? atoi(argv[1]) : 0;
char buf[1000];
! while (fgets(buf, 1000, stdin)) {
time_t t = str2time(buf, default_time, default_zone);
printf("%s", asctime(gmtime(&t)));
}
#2:
diff -c -r1.1 -r1.2
*** /usr/src/gnu/usr.bin/rcs/lib/rcsrev.c 1996/04/02 05:57:11 1.1
--- /usr/src/gnu/usr.bin/rcs/lib/rcsrev.c 1996/04/02 05:59:44 1.2
***************
*** 840,856 ****
/* all output goes to stderr, to have diagnostics and */
/* errors in sequence. */
aputs("\nEnter revision number or <return> or '.': ",stderr);
! if (!gets(symrevno)) break;
if (*symrevno == '.') break;
aprintf(stderr,"%s;\n",symrevno);
expandsym(symrevno,&numricrevno);
aprintf(stderr,"expanded number: %s; ",numricrevno.string);
aprintf(stderr,"Date: ");
! gets(date); aprintf(stderr,"%s; ",date);
aprintf(stderr,"Author: ");
! gets(author); aprintf(stderr,"%s; ",author);
aprintf(stderr,"State: ");
! gets(state); aprintf(stderr, "%s;\n", state);
target = genrevs(numricrevno.string, *date?date:(char *)0, *author?author:(char *)0,
*state?state:(char*)0, &gendeltas);
if (target) {
--- 843,859 ----
/* all output goes to stderr, to have diagnostics and */
/* errors in sequence. */
aputs("\nEnter revision number or <return> or '.': ",stderr);
! if (!fgets(symrevno, 100, stdin)) break;
if (*symrevno == '.') break;
aprintf(stderr,"%s;\n",symrevno);
expandsym(symrevno,&numricrevno);
aprintf(stderr,"expanded number: %s; ",numricrevno.string);
aprintf(stderr,"Date: ");
! fgets(date, 20, stdin); aprintf(stderr,"%s; ",date);
aprintf(stderr,"Author: ");
! fgets(author, 20, stdin); aprintf(stderr,"%s; ",author);
aprintf(stderr,"State: ");
! fgets(state, 20, stdin); aprintf(stderr, "%s;\n", state);
target = genrevs(numricrevno.string, *date?date:(char *)0, *author?author:(char *)0,
*state?state:(char*)0, &gendeltas);
if (target) {
>Audit-Trail:
>Unformatted: