Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site seismo.UUCP
Path: utzoo!linus!philabs!seismo!stewart
From: stewart@seismo.UUCP (John Stewart)
Newsgroups: net.bugs,net.unix-wizards
Subject: fix to termcap.c and remcap.c
Message-ID: <456@seismo.UUCP>
Date: Fri, 9-Dec-83 15:04:53 EST
Article-I.D.: seismo.456
Posted: Fri Dec  9 15:04:53 1983
Date-Received: Sun, 11-Dec-83 01:32:54 EST
Organization: Center for Seismic Studies, Arlington, VA
Lines: 35

This is a repeat of a fix I reported about a year ago, but which
apparently did not make it to "official" versions.
It appears in .../tip/remcap.c (4.6	81/11/29), which is hacked from
.../libtermlib/termcap.c (unnumbered and undated).

The problem is that if the string `tcname' is not terminated with a
colon, the indicated while loop will clobber one somewhere else in
your stack.

Note in passing, that the problem is rarely seen if keepers of
/etc/remote and /etc/termcap are relatively fastidious in adhering
to the proper format.

	John Stewart, Teledyne Geotech

*** remcap.c	Fri Dec  9 14:28:23 1983
--- remcap.c.bad	Thu Jul 28 11:12:08 1983
***************
*** 168,174
  		return(1);
  	strcpy(tcname,p+3);
  	q = tcname;
! 	while (*q && *q != ':')
  		q++;
  	*q = 0;
  	if (++hopcount > MAXHOP) {

--- 168,174 -----
  		return(1);
  	strcpy(tcname,p+3);
  	q = tcname;
! 	while (q && *q != ':')
  		q++;
  	*q = 0;
  	if (++hopcount > MAXHOP) {