friedl@vsi.COM (Stephen J. Friedl) (01/24/89)
Is this a bug? I'm running Sys V Rel 3.1 on a 3B2/400 with
(obviously) HDB uucp. I'm in the process of connecting with a
local site (hi Larry!), and the password I was given included a %
character. After a handful of failed logins, it occurred to me
that perhaps the Systems send strings were subject to "printf-
expansion" (is that a real term?). I tried a password of
%foobar
and I got a floating zero followed by "oobar". I tried doubling
the % to %%foobar but it still doesn't work. By now, we've
gotten things to work by using a different password, but this %
business can't be right...
Anybody? peter?
Steve
--
Stephen J. Friedl 3B2-kind-of-guy friedl@vsi.com
V-Systems, Inc. I speak for you only attmail!vsi!friedl
Santa Ana, CA USA +1 714 545 6442 {backbones}!vsi!friedl
Nancy Reagan on these *stupid* .signatures: "Enough already, OK?"vch@attibr.UUCP (Vincent C. Hatem) (01/25/89)
In article <1025@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes: } Is this a bug? I'm running Sys V Rel 3.1 on a 3B2/400 with } (obviously) HDB uucp. I'm in the process of connecting with a } local site (hi Larry!), and the password I was given included a % } character. After a handful of failed logins, it occurred to me } that perhaps the Systems send strings were subject to "printf- } expansion" (is that a real term?). I tried a password of } } %foobar } } and I got a floating zero followed by "oobar". I tried doubling } the % to %%foobar but it still doesn't work. By now, we've } gotten things to work by using a different password, but this % } business can't be right... Very strange... the source code uses write(2) to send the string to the remote host. It shouldn't interere. It might be mashing the % before then, such as when it reads it from the Systems file and tries to translate it somehow. I dodn't find anything that would do such a thing in the code, though. Have you tried a backlash before the %? -Vince -- Vincent C. Hatem e-mail: {any Action Central site || att}!attibr!vch snail-mail: AT&T International, 1200 Mt. Kemble Ave, Basking Ridge, NJ 07920 tele: +1-201-953-7959 ------ Gruezi wohl! -------
friedl@vsi.COM (Stephen J. Friedl) (01/25/89)
In article <1025@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes: > > [summary] HDB on a 3B2/400, Sys V Rel 3.1. In the Systems > file, a password containing a % is expanded as in printf, > so "%foobar" ---> "0.00000oobar". In article <116@attibr.UUCP>, vch@attibr.UUCP (Vincent C. Hatem) writes: > > Very strange... the source code uses write(2) to send the string to the > remote host. The expansion I'm seeing is in the -x9 *debug* output, and I guess I didn't check to see if it were going to the other end that way. In any case, the remote login worked fine if I went at it with cu, but no combination of % or %% or \% in the password field would make it work via uucico. Steve -- Stephen J. Friedl 3B2-kind-of-guy friedl@vsi.com V-Systems, Inc. I speak for you only attmail!vsi!friedl Santa Ana, CA USA +1 714 545 6442 {backbones}!vsi!friedl Nancy Reagan on these *stupid* .signatures: "Enough already, OK?"
honey@mailrus.cc.umich.edu (peter honeyman) (01/25/89)
i just tried password "%foobar" between two honey danber machines, and it worked just fine. i also read the code, and i don't see anything untoward (e.g. sprintf or its ilk). can you get a -x9 debug output? peter
levy@ttrdc.UUCP (Daniel R. Levy) (01/27/89)
In article <1033@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes: < In article <1025@vsi.COM>, friedl@vsi.COM (Stephen J. Friedl) writes: < > [summary] HDB on a 3B2/400, Sys V Rel 3.1. In the Systems < > file, a password containing a % is expanded as in printf, < > so "%foobar" ---> "0.00000oobar". < In article <116@attibr.UUCP>, vch@attibr.UUCP (Vincent C. Hatem) writes: < > Very strange... the source code uses write(2) to send the string to the < > remote host. < The expansion I'm seeing is in the -x9 *debug* output, and I < guess I didn't check to see if it were going to the other end < that way. < In any case, the remote login worked fine if I went at it with < cu, but no combination of % or %% or \% in the password field would < make it work via uucico. I partially verified this (on the 3B2 running SVR3); as root, I Uutry'd a system which had a "%g" embedded in its password and it was similarly "printf- expanded" in the debug output. However, the remote apparently received the correct password, as the login succeeded and the machines began to converse. I pored over the HDB source on another machine (which has an earlier version of conn.c, i.e., 1.16, versus 2.9 according to "what" on the binary which was supplied with my 3B2) and this phenomenon appears to be impossible! As V. Hatem pointed out, write() is used to send the data to the remote host. This is done one character at a time. Also, the debug output is written one character at a time. fprintf(stderr...) is used, but always a proper format is supplied (through the CDEBUG macro) for the second argument. Doo doo doo doo, Doo doo doo doo, ... -- Daniel R. Levy UNIX(R) mail: att!ttbcad!levy AT&T Bell Laboratories 5555 West Touhy Avenue Any opinions expressed in the message above are Skokie, Illinois 60077 mine, and not necessarily AT&T's.