[comp.bugs.sys5] possible bug in HDB uucp?

friedl@vsi.COM (Stephen J. Friedl) (01/24/89)

Is this a bug?  I'm running Sys V Rel 3.1 on a 3B2/400 with
(obviously) HDB uucp.  I'm in the process of connecting with a
local site (hi Larry!), and the password I was given included a %
character.  After a handful of failed logins, it occurred to me
that perhaps the Systems send strings were subject to "printf-
expansion" (is that a real term?).  I tried a password of

        %foobar

and I got a floating zero followed by "oobar".  I tried doubling
the % to %%foobar but it still doesn't work.  By now, we've
gotten things to work by using a different password, but this %
business can't be right...

     Anybody?  peter?

     Steve

-- 
Stephen J. Friedl        3B2-kind-of-guy            friedl@vsi.com
V-Systems, Inc.       I speak for you only      attmail!vsi!friedl
Santa Ana, CA  USA       +1 714 545 6442    {backbones}!vsi!friedl
Nancy Reagan on these *stupid* .signatures: "Enough already, OK?"

vch@attibr.UUCP (Vincent C. Hatem) (01/25/89)

In article <1025@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes:
} Is this a bug?  I'm running Sys V Rel 3.1 on a 3B2/400 with
} (obviously) HDB uucp.  I'm in the process of connecting with a
} local site (hi Larry!), and the password I was given included a %
} character.  After a handful of failed logins, it occurred to me
} that perhaps the Systems send strings were subject to "printf-
} expansion" (is that a real term?).  I tried a password of
} 
}         %foobar
} 
} and I got a floating zero followed by "oobar".  I tried doubling
} the % to %%foobar but it still doesn't work.  By now, we've
} gotten things to work by using a different password, but this %
} business can't be right...

Very strange... the source code uses write(2) to send the string to the
remote host. It shouldn't interere. It might be mashing the % before then,
such as when it reads it from the Systems file and tries to translate
it somehow. I dodn't find anything that would do such a thing in the 
code, though.

Have you tried a backlash before the %?

-Vince

-- 
Vincent C. Hatem
e-mail: {any Action Central site || att}!attibr!vch
snail-mail: AT&T International, 1200 Mt. Kemble Ave, Basking Ridge, NJ 07920
tele: +1-201-953-7959         ------ Gruezi wohl! -------

friedl@vsi.COM (Stephen J. Friedl) (01/25/89)

In article <1025@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes:
>
> [summary] HDB on a 3B2/400, Sys V Rel 3.1.  In the Systems
> file, a password containing a % is expanded as in printf,
> so "%foobar" ---> "0.00000oobar".

In article <116@attibr.UUCP>, vch@attibr.UUCP (Vincent C. Hatem) writes:
>
> Very strange... the source code uses write(2) to send the string to the
> remote host.

The expansion I'm seeing is in the -x9 *debug* output, and I
guess I didn't check to see if it were going to the other end
that way.

In any case, the remote login worked fine if I went at it with
cu, but no combination of % or %% or \% in the password field would
make it work via uucico.

    Steve

-- 
Stephen J. Friedl        3B2-kind-of-guy            friedl@vsi.com
V-Systems, Inc.       I speak for you only      attmail!vsi!friedl
Santa Ana, CA  USA       +1 714 545 6442    {backbones}!vsi!friedl
Nancy Reagan on these *stupid* .signatures: "Enough already, OK?"

honey@mailrus.cc.umich.edu (peter honeyman) (01/25/89)

i just tried password "%foobar" between two honey danber machines, and
it worked just fine.  i also read the code, and i don't see anything
untoward (e.g. sprintf or its ilk).

can you get a -x9 debug output?

	peter

levy@ttrdc.UUCP (Daniel R. Levy) (01/27/89)

In article <1033@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes:
< In article <1025@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes:
< > [summary] HDB on a 3B2/400, Sys V Rel 3.1.  In the Systems
< > file, a password containing a % is expanded as in printf,
< > so "%foobar" ---> "0.00000oobar".
< In article <116@attibr.UUCP>, vch@attibr.UUCP (Vincent C. Hatem) writes:
< > Very strange... the source code uses write(2) to send the string to the
< > remote host.
< The expansion I'm seeing is in the -x9 *debug* output, and I
< guess I didn't check to see if it were going to the other end
< that way.
< In any case, the remote login worked fine if I went at it with
< cu, but no combination of % or %% or \% in the password field would
< make it work via uucico.

I partially verified this (on the 3B2 running SVR3); as root, I Uutry'd a
system which had a "%g" embedded in its password and it was similarly "printf-
expanded" in the debug output.  However, the remote apparently received the
correct password, as the login succeeded and the machines began to converse.

I pored over the HDB source on another machine (which has an earlier version of
conn.c, i.e., 1.16, versus 2.9 according to "what" on the binary which was
supplied with my 3B2) and this phenomenon appears to be impossible!  As V.
Hatem pointed out, write() is used to send the data to the remote host.  This
is done one character at a time.  Also, the debug output is written one
character at a time.  fprintf(stderr...) is used, but always a proper format
is supplied (through the CDEBUG macro) for the second argument.

Doo doo doo doo, Doo doo doo doo, ...
-- 
Daniel R. Levy             UNIX(R) mail:  att!ttbcad!levy
AT&T Bell Laboratories
5555 West Touhy Avenue     Any opinions expressed in the message above are
Skokie, Illinois  60077    mine, and not necessarily AT&T's.