Subject: Re: bin/8428: uucpd truncates login names at 8 characters
To: Taras Ivanenko <ivanenko@ctpa03.mit.edu>
From: Eric Schnoebelen <eric@cirr.com>
List: netbsd-bugs
Date: 09/24/1999 10:47:57
Taras Ivanenko writes:
- > user[] shouldbe truncated to MAXLOGNAME to keep
- > setlogin() happy, and I've incorporated that into a new patch
- > below. I've also forced user[] to be null terminated after
- > leaving readline(), in case someone attempts a buffer overflow
- > by sending more than 64 characters (sizeof user).
-
- > ! /* force a trailing NULL*/
- > ! user[sizeof user] = '\0';
-
- I do not have the code in front of me but I would be more comfortable
- with the statement
-
- user[sizeof(user) - 1] = '\0';
-
- which avoids an array overflow by 1
Ah, yes.. Not thinking as well as I should have been
when I coded that, nor was I testing on a sufficently picky
architecture :-(
--
Eric Schnoebelen eric@cirr.com http://www.cirr.com
When confronted by a difficult problem just reduce it
to the question, "How would Captain Kirk handle this?"