atkins@opus.UUCP (Brian Atkins) (05/16/85)
In rexecd.c there is an off-by-one error in getstr.
Strings can only be n-1 characters long, where n is the size of the buffer
passed into getstr.
***************************************************************
getstr(buf, cnt, err)
    char *buf;
    int cnt;
    char *err;
{
    char c;

    do {
        if (read(0, &c, 1) != 1)
            exit(1);
        *buf++ = c;
        if (--cnt == 0) {    /* <*** craps out on nth char */
            error("%s too long\n", err);
            exit(1);
        }
    } while (c != 0);
}
***************************************************************
Here is a fix, simple as it is.
***************************************************************
getstr(buf2, cnt, err)
    char *buf2;
    int cnt;
    char *err;
{
    char c, *buf;

    buf = buf2;
    do {
        if (cnt-- == 0) {
            printf("%s too long\n", err);
            exit(1);
        }
        if (read(0, &c, 1) != 1)
            exit(1);
        *buf++ = c;
    } while (c != 0);
}
***************************************************************
[FLAME ON (for those of you in net.bugs)]
Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
More importantly, what punishment has been given!
Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710
gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (05/17/85)
> Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
You don't think they're going to admit it?
Seriously, what do you expect from student slave labor?
padpowell@wateng.UUCP (PAD Powell) (05/18/85)
In article <1204@opus.UUCP> atkins@opus.UUCP (Brian Atkins) writes:
>
> In rexecd.c there is an off-by-one error in getstr.
>strings can only be n-1 characters long where n is the size of the buffer
>passed into getstr.
>***************************************************************
>
>***************************************************************
>Here is a fix, simple as it is.
>***************************************************************
>
>getstr(buf2, cnt, err)
>    char *buf2;
>    int cnt;
>    char *err;
>{
>    char c, *buf;
>
>    buf = buf2;
>    do {
>        if (cnt-- == 0) {
>            printf("%s too long\n", err);
>            exit(1);
>        }
>        if (read(0, &c, 1) != 1)
>            exit(1);
>        *buf++ = c;
>    } while (c != 0);
****    *buff = '\0'; <--- terminating 0
>}
>
>***************************************************************
>Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
>NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710

Don't forget to add the terminating 0.
Patrick Powell
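A boundary test for the getstr variants posted so far, as an added example that is not part of any post in this thread. It checks each loop at the buffer edge, with a guard byte placed after the buffer to detect any write past the end. Assumptions: input comes from an in-memory string instead of fd 0, the function returns a status instead of calling exit(1), and the names `getstr_v`, `probe`, `src_read` and `N` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define N 8   /* buffer size under test (constructed value) */
enum { GS_OK, GS_TOO_LONG, GS_EOF };      /* returned instead of exit(1) */
struct src { const char *p; int left; };  /* in-memory stand-in for fd 0 */

static int src_read(struct src *s, char *c) {
    if (s->left == 0) return 0;
    *c = *s->p++; s->left--; return 1;
}

/* variant 0: original loop (count checked after the store)
   variant 1: the posted fix (count checked before the read)
   variant 2: the fix plus a store of 0 after the loop */
int getstr_v(int variant, char *buf, int cnt, struct src *s) {
    char c;
    do {
        if (variant != 0 && cnt-- == 0) return GS_TOO_LONG;
        if (!src_read(s, &c)) return GS_EOF;
        *buf++ = c;
        if (variant == 0 && --cnt == 0) return GS_TOO_LONG;
    } while (c != 0);
    if (variant == 2) *buf = '\0';  /* buf is already one past the stored NUL */
    return GS_OK;
}

/* Feed len characters plus a NUL into an N-byte buffer. mem[N] is a guard
   byte; *guard_hit becomes 1 if anything wrote past the buffer. */
int probe(int variant, int len, int *guard_hit) {
    char input[2 * N], mem[N + 1];
    struct src s;
    memset(input, 'A', sizeof input);   /* constructed input */
    input[len] = '\0';
    memset(mem, 'Z', sizeof mem);
    s.p = input; s.left = len + 1;
    int rc = getstr_v(variant, mem, N, &s);
    *guard_hit = (mem[N] != 'Z');
    return rc;
}

int main(void) {
    int v, len, g, rc;
    for (v = 0; v < 3; v++)
        for (len = N - 2; len <= N; len++) {
            rc = probe(v, len, &g);
            printf("variant %d, %d chars + NUL: status %d, guard hit %d\n", v, len, rc, g);
        }
    return 0;
}
```

With N = 8, variant 0 rejects a 7-character string that fits the buffer exactly, variant 1 accepts it and rejects 8 characters, and variant 2 accepts it but overwrites the guard byte.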
jmoore@mips.UUCP (Jim Moore) (05/20/85)
> [FLAME ON (for those of you in net.bugs)]
> Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
>
> More importantly, what punishment has been given!
>
> Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
> NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710

The punishment that is given is that the program mysteriously fails
when input strings are exactly n characters long. The punishment
is placed on the person foolish enough to continue to use code that
he has many times in the past labeled as 'CRAP'.

I just wish that the party forcing you at gun-point to use this code
would also force you to keep your fingers off the flame key.
jas@rtech.UUCP (Jim Shankland) (05/24/85)
About Berklix's rexec, rcmd, etc. code:

> > [FLAME ON (for those of you in net.bugs)]
> > Let me ask, once again, WHO WRITES THIS CRAP!!!!!!!!!!!!!!!!!!
> >
> > Brian Atkins ...{attunix, hao, allegra, ucbvax}!nbires!atkins
> > NBI Inc., P.O. Box 9001, Boulder CO 80301 (303) 444-5710
>
> The punishment that is given is that the program mysteriously fails
> when input strings are exactly n characters long. The punishment
> is placed on the person foolish enough to continue to use code that
> he has many times in the past labeled as 'CRAP'.
>
> I just wish that the party forcing you at gun-point to use this code
> would also force you to keep your fingers off the flame key.

Hey, come on, he's got a valid point. The code is poorly written, poorly commented -- all in all, it has the look of a first prototype out of someone whose philosophy of software design is, "Bang away at the keyboard until it (barely) works." Take a good, long look at this code and ask yourself how you would feel if you hired someone who considered this to be release-quality code.

You're not really saying that the only choices are not to use the code, or to suffer mediocrity in silence -- or are you?

Jim Shankland
..!ihnp4!pegasus!rtech!jas
..!ucbvax!mtxinu!rtech!jas