powers@asds.enet.dec.com (Bill Powers) (05/29/90)
While working this weekend with Minix, I noticed what appears to be a bug (rather I personally would, but others might not). I created an account that had 8 letters in it. I then logged into that account on tty1. And from tty0, I tried to do a write to that user. Write returned a message that the user was not logged on, but they show up when I do a who.

After doing some investigation, it seems that that write reads in the utmp?? records and compares the users listed in there to the one entered at the command line. Except the size of the field for the userid part of the utmp structure is only 8 characters. There was no nul terminator on the string so it bled in with the other records in the file (ie write tried comparing "userid01" with "userid01tty1tty1") something like that which made it fail).

To make a long story short, shouldn't the field width for the name field in the utmp record be 1 more than the longest possible userid? I also noticed that login does a strncpy(utmpnamerecord,username, sizeof(utmpnamerecord)). Thus also contributing to the problem by possibly not terminating the string.

Should not there be a #define in utmp.h something like #define MAX_USERID_LEN 32. Then down in the utmp structure declare the field to be a char array with size MAX_USERID_LEN+1. Then in the routines like login, use MAX_USER_ID_LEN instead of all the sizeofs?

Does this break some long standing unixisms? Did this make any sense to anybody?

Bill Powers
----
Digital Equipment Corp. - Advanced Service Delivery Systems - Stow MA
The opinions expressed above are my own, not my employer's.
E-MAIL - powers@asds.enet.dec.com or ...!decwrl!asds!powers

DEDOUREK@unb.ca (05/30/90)
On Tue, 29 May 90 08:25:21 EDT Bill Powers <@VM1.NoDak.EDU:powers@ASDS.ENET.DEC.COM> writes:

> After doing some investigation, it seems that
> that write reads in the utmp?? records and compares the users listed
> in there to the one entered at the command line. Except the size of
> the field for the userid part of the utmp structure is only 8
> characters. There was no nul terminator on the string so it bled in
> with the other records in the file (ie write tried comparing
> "userid01" with "userid01tty1tty1") something like that which made it
> fail).

This is a well known problem in Unix to which I am very sensitive. (Count the characters in "dedourek" :-) An 8-character logon id is legal according to most documentation. Only 8 characters are allotted to the user id in many Unix structures. The documentation, in the "fine print," points out that 8-character id's will NOT BE NULL TERMINATED. It is the responsibility of an application to move the user id to a 9-character array and add a safety null BEFORE USING ANY OF THE STANDARD STRING OPERATIONS on the user id.

If a utility in Minix has failed to do this, that is a bug. Minix is, however, in good company. A recent test of one of the beta releases of IBM's new AIX 3.0 had "who" reporting me as "dedoure".

I hope that this reminder to the Minix community from one of us "eight characters" is accepted in the good spirit that it is offered, and that it will help make Minix one of the leaders in eradicating this problem.

John DeDourek, Professor
School of Computer Science
University of New Brunswick
Fredericton, N. B. CANADA E3B 5A3

dedourek@unb.ca -- Registered Domain Name
DEDOUREK@UNB -- BITNET / NETNORTH (Canada)
dedourek@unb.bitnet -- For mailers which only know how to get to bitnet this way.
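
The failure discussed in this thread and the copy-and-terminate fix from the reply above, as an added example that is not part of either post and is not Minix source. The record layout, the 8-byte tty field and the `demo_`/`match_` names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8   /* width of the name field, as stated in the thread */
#define LINE_LEN 8   /* assumed width of the tty field */

/* Constructed record layout for this example; not copied from Minix's utmp.h. */
struct demo_utmp {
    char name[NAME_LEN];   /* a full-width name carries no terminating NUL */
    char line[LINE_LEN];
};

/* Fill a record; leaves the same bytes strncpy(field, s, sizeof field) would. */
void demo_fill(struct demo_utmp *u, const char *user, const char *tty)
{
    size_t n = strlen(user), m = strlen(tty);
    memset(u, 0, sizeof *u);
    memcpy(u->name, user, n < NAME_LEN ? n : NAME_LEN);
    memcpy(u->line, tty, m < LINE_LEN ? m : LINE_LEN);
}

/* The failing pattern: read the record bytes at the name field as a C string.
 * It stops only at a NUL that happens to follow (here, after the short tty name). */
int match_naive(const struct demo_utmp *u, const char *user)
{
    return strcmp((const char *)u, user) == 0;
}

/* The fix from the reply: copy into a 9-byte buffer and terminate before comparing. */
int match_safe(const struct demo_utmp *u, const char *user)
{
    char name[NAME_LEN + 1];
    memcpy(name, u->name, NAME_LEN);
    name[NAME_LEN] = '\0';
    return strcmp(name, user) == 0;
}

int main(void)
{
    struct demo_utmp u;
    demo_fill(&u, "userid01", "tty1");   /* constructed sample record */
    printf("naive: %d\n", match_naive(&u, "userid01"));
    printf("safe:  %d\n", match_safe(&u, "userid01"));
    return 0;
}
```
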