Xref: utzoo comp.bugs.4bsd:1815 comp.bugs.sys5:1542 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!rutgers!cbmvax!amix!ag From: ag@amix.commodore.com (Keith Gabryelski) Newsgroups: comp.bugs.4bsd,comp.bugs.sys5 Subject: Re: Bug in finger.c Message-ID: <2373@amix.commodore.com> Date: 26 May 91 15:10:06 GMT References: <7961@awdprime.UUCP> Reply-To: ag@amix.commodore.com (Keith Gabryelski) Followup-To: comp.bugs.4bsd Organization: Commodore-Amiga Unix Development Lines: 77 Crossposted to comp.bugs.sys5 becausethe bug is in SVR4, also. In article <7961@awdprime.UUCP> jfh@greenber.austin.ibm.com (John F Haugh II) writes: >In .../src/ucb/finger.c, there is a code fragment down around line 1074 >(version 5.8 dated 3/13/86) that reads > > if (isprint(c) || isspace(c)) > putchar(c); > else > putchar(c ^ 100); > >Now what are they doing XOR'ing that poor character against 100 =decimal=? I noticed this happens in three places in the code. Even if the code used ``c ^ 0100'' a user could still send a CSI (0x9b). Pax, Keith Ps, My diffs: (for a SVR4 machine so line numbers may be bogus) *** finger.c- Sun May 26 10:49:02 1991 --- finger.c Sun May 26 10:50:28 1991 *************** *** 491,497 **** if (isprint(c) || isspace(c)) putchar(c); else ! putchar(c ^ 100); } fclose(fp); putchar('\n'); --- 491,497 ---- if (isprint(c) || isspace(c)) putchar(c); else ! break; } fclose(fp); putchar('\n'); *************** *** 511,517 **** if (isprint(c) || isspace(c)) putchar(c); else ! putchar(c ^ 100); fclose(fp); } free(s); --- 511,517 ---- if (isprint(c) || isspace(c)) putchar(c); else ! break; fclose(fp); } free(s); *************** *** 1022,1028 **** if (isprint(c) || isspace(c)) putchar(c); else ! putchar(c ^ 100); } if (lastc != '\n') putchar('\n'); --- 1022,1028 ---- if (isprint(c) || isspace(c)) putchar(c); else ! break; } if (lastc != '\n') putchar('\n'); -- Keith Gabryelski Advanced Products Group ag@amix.commodore.com ...!cbmvax!amix!ag