[comp.bugs.sys5] Bug in finger.c

ag@amix.commodore.com (Keith Gabryelski) (05/26/91)

Crossposted to comp.bugs.sys5 becausethe bug is in SVR4, also.

In article <7961@awdprime.UUCP> jfh@greenber.austin.ibm.com (John F Haugh II)
writes:
>In .../src/ucb/finger.c, there is a code fragment down around line 1074
>(version 5.8 dated 3/13/86) that reads
>
>	if (isprint(c) || isspace(c))
>		putchar(c);
>	else
>		putchar(c ^ 100);
>
>Now what are they doing XOR'ing that poor character against 100 =decimal=?

I noticed this happens in three places in the code.  Even if the
code used ``c ^ 0100'' a user could still send a CSI (0x9b).

Pax, Keith

Ps, My diffs: (for a SVR4 machine so line numbers may be bogus)

*** finger.c-	Sun May 26 10:49:02 1991
--- finger.c	Sun May 26 10:50:28 1991
***************
*** 491,497 ****
  						if (isprint(c) || isspace(c))
  							putchar(c);
  						else
! 							putchar(c ^ 100);
  					}
  					fclose(fp);
  					putchar('\n');
--- 491,497 ----
  						if (isprint(c) || isspace(c))
  							putchar(c);
  						else
! 						    break;
  					}
  					fclose(fp);
  					putchar('\n');
***************
*** 511,517 ****
  						if (isprint(c) || isspace(c))
  							putchar(c);
  						else
! 							putchar(c ^ 100);
  					fclose(fp);
  				}
  				free(s);
--- 511,517 ----
  						if (isprint(c) || isspace(c))
  							putchar(c);
  						else
! 						    break;
  					fclose(fp);
  				}
  				free(s);
***************
*** 1022,1028 ****
  		if (isprint(c) || isspace(c))
  			putchar(c);
  		else
! 			putchar(c ^ 100);
  	}
  	if (lastc != '\n')
  		putchar('\n');
--- 1022,1028 ----
  		if (isprint(c) || isspace(c))
  			putchar(c);
  		else
! 		    break;
  	}
  	if (lastc != '\n')
  		putchar('\n');
-- 
Keith Gabryelski                                 Advanced Products Group
ag@amix.commodore.com                                 ...!cbmvax!amix!ag