gst@wjh12.HARVARD.EDU (Gary S. Trujillo) (08/01/86)
There appears to be a problem in the routine getuser() in file user.c in
Brandon Allbery's "UNaXcess" bulletin board system recently posted to
net.sources. Here's the fix:
72c72
< for (p++, q = lcuname; *p != ':'; p++, q++)
---
> for (p++, q = lcuname; *p != '\n'; p++, q++)
By the way, I have applied lint to all the code, and have managed to stifle
most of its complaints. If anyone wants my lintified version, please let me
know. It should be ready fairly soon.
--
Gary Trujillo
(harvard!wjh12!gst)
gst@talcott.HARVARD.EDU (Gary S. Trujillo) (08/02/86)
Oops. I found a problem with UNaXcess, but I got the fix wrong. It has to do with a case in which the "userfile" has an entry which is matched in getuser() which has too few colons. I believe that the test at line 51 should read: if (ncolon < 6) { Otherwise, an entry with fewer than 6 colons would be allowed, and one of the for loops in the code that follows could go into a long search through memory looking for a colon, clobbering various things as it goes. I have just started looking at the code, so I might find additional problems later. If anyone else out there is working on the code and finds problems, please post them here, or let me know via mail. Thanks. -- Gary Trujillo (harvard!wjh12!gst)