atkins@opus.UUCP (Brian Atkins) (05/16/85)
In rexecd.c there is an off-by-one error in getstr.
Strings can only be n-1 characters long where n is the size of the buffer
passed into getstr.
***************************************************************

getstr(buf, cnt, err)
    char *buf;
    int cnt;
    char *err;
{
    char c;

    do {
        if (read(0, &c, 1) != 1)
            exit(1);
        *buf++ = c;
        if (--cnt == 0) {           /* <*** craps out on nth char */
            error("%s too long\n", err);
            exit(1);
        }
    } while (c != 0);
}

***************************************************************
Here is a fix, simple as it is.
***************************************************************

getstr(buf2, cnt, err)
    char *buf2;
    int cnt;
    char *err;
{
    char c, *buf;

    buf = buf2;
    do {
        if (cnt-- == 0) {
            printf("%s too long\n", err);
            exit(1);
        }
        if (read(0, &c, 1) != 1)
            exit(1);
        *buf++ = c;
    } while (c != 0);
}

***************************************************************

[FLAME ON (for those of you in net.bugs)]
Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!

More importantly, what punishment has been given!

Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710
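Added example, not part of the original thread or of rexecd.c: the two getstr() loops from the post above, rewritten to read from an in-memory byte string and return a status instead of calling exit(), so the boundary case can be checked. The names next_byte, struct src, try_getstr, TOO_LONG and SHORT_READ are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>
enum { TOO_LONG = -1, SHORT_READ = -2 };  /* the two exit(1) paths */

/* Hypothetical stand-in for read(0, &c, 1): bytes come from memory. */
struct src { const char *p; size_t left; };
static int next_byte(struct src *s, char *c)
{
    if (s->left == 0) return 0;           /* end of input: short read */
    s->left--; *c = *s->p++;
    return 1;
}

/* Original order: store, then count. Returns bytes stored or an error. */
int getstr_orig(char *buf, int cnt, struct src *s)
{
    char c; int n = 0;
    do {
        if (next_byte(s, &c) != 1) return SHORT_READ;
        *buf++ = c; n++;
        if (--cnt == 0) return TOO_LONG;  /* fires even if c is the NUL */
    } while (c != 0);
    return n;
}

/* Fixed order: count, then read and store. */
int getstr_fixed(char *buf, int cnt, struct src *s)
{
    char c; int n = 0;
    do {
        if (cnt-- == 0) return TOO_LONG;  /* buffer is already full */
        if (next_byte(s, &c) != 1) return SHORT_READ;
        *buf++ = c; n++;
    } while (c != 0);
    return n;                             /* count includes the stored NUL */
}

/* Run one variant with a buffer of `size` (< 64) and a canary after it. */
int try_getstr(int fixed, const char *in, size_t len, int size)
{
    char buf[64]; struct src s = { in, len }; int r;
    memset(buf, 'X', sizeof buf);
    r = fixed ? getstr_fixed(buf, size, &s) : getstr_orig(buf, size, &s);
    return buf[size] == 'X' ? r : -99;    /* -99: wrote past the buffer */
}

int main(void)
{   /* constructed input: 7 characters + NUL = 8 bytes, 8-byte buffer */
    printf("%d %d\n", try_getstr(0, "1234567", 8, 8), try_getstr(1, "1234567", 8, 8));
    return 0;
}
```

Input that fills the buffer exactly, terminator included, is rejected by the original ordering and accepted by the fixed one; neither ordering stores a byte past the end of the buffer.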
gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (05/17/85)
> Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
You don't think they're going to admit it?
Seriously, what do you expect from student slave labor?
padpowell@wateng.UUCP (PAD Powell) (05/18/85)
In article <1204@opus.UUCP> atkins@opus.UUCP (Brian Atkins) writes:
>
>    In rexecd.c there is an off-by-one error in getstr.
>Strings can only be n-1 characters long where n is the size of the buffer
>passed into getstr.
>***************************************************************
>
>***************************************************************
>Here is a fix, simple as it is.
>***************************************************************
>
>getstr(buf2, cnt, err)
>    char *buf2;
>    int cnt;
>    char *err;
>{
>    char c, *buf;
>
>    buf = buf2;
>    do {
>        if (cnt-- == 0) {
>            printf("%s too long\n", err);
>            exit(1);
>        }
>        if (read(0, &c, 1) != 1)
>            exit(1);
>        *buf++ = c;
>    } while (c != 0);
****    *buff = '\0';    <--- terminating 0
>}
>
>***************************************************************
>Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
>NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710

Don't forget to add the terminating 0.

Patrick Powell
jmoore@mips.UUCP (Jim Moore) (05/20/85)
> [FLAME ON (for those of you in net.bugs)]
> Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
>
> More importantly, what punishment has been given!
>
> Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
> NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710

The punishment that is given is that the program mysteriously fails
when input strings are exactly n characters long. The punishment
is placed on the person foolish enough to continue to use code that
he has many times in the past labeled as 'CRAP'.

I just wish that the party forcing you at gun-point to use this code
would also force you to keep your fingers off the flame key.
jas@rtech.UUCP (Jim Shankland) (05/24/85)
About Berklix's rexec, rcmd, etc. code:

> > [FLAME ON (for those of you in net.bugs)]
> > Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
> >
> > Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
> > NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710
>
> The punishment that is given is that the program mysteriously fails
> when input strings are exactly n characters long. The punishment
> is placed on the person foolish enough to continue to use code that
> he has many times in the past labeled as 'CRAP'.
>
> I just wish that the party forcing you at gun-point to use this code
> would also force you to keep your fingers off the flame key.

Hey, come on, he's got a valid point. The code is poorly written, poorly
commented -- all in all, it has the look of a first prototype out of someone
whose philosophy of software design is, "Bang away at the keyboard until it
(barely) works." Take a good, long look at this code and ask yourself how you
would feel if you hired someone who considered this to be release-quality
code.

You're not really saying that the only choices are not to use the code, or to
suffer mediocrity in silence -- or are you?

Jim Shankland
..!ihnp4!pegasus!rtech!jas
..!ucbvax!mtxinu!rtech!jas