[src/netbsd-3]: src/usr.bin/ftp Pull up revision 1.115 (requested by lukem in...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-3]: src/usr.bin/ftp Pull up revision 1.115 (requested by lukem in...
From: tron <tron%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 16:42:50 +0000

details:   https://anonhg.NetBSD.org/src/rev/290bc2aebdab
branches:  netbsd-3
changeset: 576771:290bc2aebdab
user:      tron <tron%NetBSD.org@localhost>
date:      Sun Jul 24 10:30:17 2005 +0000

description:
Pull up revision 1.115 (requested by lukem in ticket #606):
Implement:
    int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
        Read a line from the FILE stream into buf/buflen using fgets(), so up
        to buflen-1 chars will be read and the result will be NUL terminated.
        If the line has a trailing newline it will be removed.
        If the line is too long, excess characters will be read until
        newline/EOF/error.
        Various -ve return values indicate different errors, and errormsg
        will be changed to an error description if it's not NULL.
Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.
Zero out the password & account after we've finished with it.
Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data.  For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!
Display the hostname in the "getaddrinfo failed" warning.
Appease some -Wcast-qual warnings.  Fixing all of these requires
significant code refactoring.  (mmm, legacy code).

diffstat:

 usr.bin/ftp/cmds.c |  43 ++++++++++++++++++++-----------------------
 1 files changed, 20 insertions(+), 23 deletions(-)

diffs (97 lines):

diff -r 1c5e73f5b595 -r 290bc2aebdab usr.bin/ftp/cmds.c
--- a/usr.bin/ftp/cmds.c        Sun Jul 24 10:30:09 2005 +0000
+++ b/usr.bin/ftp/cmds.c        Sun Jul 24 10:30:17 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cmds.c,v 1.111.2.3 2005/07/24 10:20:53 tron Exp $      */
+/*     $NetBSD: cmds.c,v 1.111.2.4 2005/07/24 10:30:17 tron Exp $      */
 
 /*-
  * Copyright (c) 1996-2005 The NetBSD Foundation, Inc.
@@ -103,7 +103,7 @@
 #if 0
 static char sccsid[] = "@(#)cmds.c     8.6 (Berkeley) 10/9/94";
 #else
-__RCSID("$NetBSD: cmds.c,v 1.111.2.3 2005/07/24 10:20:53 tron Exp $");
+__RCSID("$NetBSD: cmds.c,v 1.111.2.4 2005/07/24 10:30:17 tron Exp $");
 #endif
 #endif /* not lint */
 
@@ -158,6 +158,7 @@
 static int
 confirm(const char *cmd, const char *file)
 {
+       const char *errormsg;
        char line[BUFSIZ];
 
        if (!interactive || confirmrest)
@@ -165,10 +166,9 @@
        while (1) {
                fprintf(ttyout, "%s %s [anpqy?]? ", cmd, file);
                (void)fflush(ttyout);
-               if (fgets(line, sizeof(line), stdin) == NULL) {
+               if (getline(stdin, line, sizeof(line), &errormsg) < 0) {
                        mflag = 0;
-                       fprintf(ttyout, "\nEOF received; %s aborted\n", mname);
-                       clearerr(stdin);
+                       fprintf(ttyout, "%s; %s aborted\n", errormsg, mname);
                        return (0);
                }
                switch (tolower((unsigned char)*line)) {
@@ -1472,7 +1472,7 @@
 void
 user(int argc, char *argv[])
 {
-       char acct[80];
+       char *password;
        int n, aflag = 0;
 
        if (argc == 0)
@@ -1489,34 +1489,31 @@
        n = command("USER %s", argv[1]);
        if (n == CONTINUE) {
                if (argc < 3) {
-                       argv[2] = getpass("Password: ");
-                       argc++;
+                       password = getpass("Password: ");
+               } else {
+                       password = argv[2];
                }
-               n = command("PASS %s", argv[2]);
+               n = command("PASS %s", password);
+               memset(password, 0, strlen(password));
        }
        if (n == CONTINUE) {
+               aflag++;
                if (argc < 4) {
-                       (void)fputs("Account: ", ttyout);
-                       (void)fflush(ttyout);
-                       if (fgets(acct, sizeof(acct) - 1, stdin) == NULL) {
-                               fprintf(ttyout,
-                                   "\nEOF received; login aborted.\n");
-                               clearerr(stdin);
-                               code = -1;
-                               return;
-                       }
-                       acct[strlen(acct) - 1] = '\0';
-                       argv[3] = acct; argc++;
+                       password = getpass("Account: ");
+               } else {
+                       password = argv[3];
                }
-               n = command("ACCT %s", argv[3]);
-               aflag++;
+               n = command("ACCT %s", password);
+               memset(password, 0, strlen(password));
        }
        if (n != COMPLETE) {
                fputs("Login failed.\n", ttyout);
                return;
        }
        if (!aflag && argc == 4) {
-               (void)command("ACCT %s", argv[3]);
+               password = argv[3];
+               (void)command("ACCT %s", password);
+               memset(password, 0, strlen(password));
        }
        connected = -1;
        getremoteinfo();

Prev by Date: [src/netbsd-3]: src/usr.bin/ftp Pull up revision 1.72 (requested by lukem in ...
Next by Date: [src/netbsd-3]: src/usr.bin/ftp Pull up revision 1.99 (requested by lukem in ...
Previous by Thread: [src/netbsd-3]: src/usr.bin/ftp Pull up revision 1.72 (requested by lukem in ...
Next by Thread: [src/netbsd-3]: src/usr.bin/ftp Pull up revision 1.99 (requested by lukem in ...
Indexes:

Home | Main Index | Thread Index | Old Index