Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site linus.UUCP
Path: utzoo!linus!sid
From: sid@linus.UUCP (Sid Stuart)
Newsgroups: net.unix-wizards,net.bugs.4bsd
Subject: Bug in 4.2 tip
Message-ID: <1007@linus.UUCP>
Date: Sat, 30-Jun-84 08:58:51 EDT
Article-I.D.: linus.1007
Posted: Sat Jun 30 08:58:51 1984
Date-Received: Sat, 30-Jun-84 21:34:37 EDT
Organization: MITRE Corp., Bedford MA
Lines: 47

Index: 4.2 BSD tip acu.c

Description:
I ran into this about a month ago right before I went on vacation. I forget exactly what was wrong, but I think if you set the cm variable in /etc/remote to a non-null string, it would cause tip to dump core and die. The cm string is supposed to be sent to the computer you are connecting to. Unfortunately, the write statement uses the wrong character buffer; it is obvious that the code is incorrect if you look at it. The statement is pwrite(FD, cp, size(CM)); The problem is that cp and &CM point to different buffers. So if cp points to a null buffer and &CM points to a buffer with a string in it... you dump your core. The fix is simple, just put &CM in place of cp. This fix will have the side effect that the program may do what it is supposed to at this point.

Repeat:
Like I said before, I have forgotten.

Fix:
*** acu.c.orig Sun May 20 20:13:26 1984 --- acu.c Sun May 20 20:28:17 1984 *************** *** 34,41 int tried = 0; if (!DU) { /* regular connect message */ ! if (CM != NOSTR) ! pwrite(FD, cp, size(CM)); return (NOSTR); } /* --- 34,41 ----- int tried = 0; if (!DU) { /* regular connect message */ ! if (CM != NOSTR) ! pwrite(FD, &CM, size(CM)); return (NOSTR); } /*
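
Review bot: In the replacement line `pwrite(FD, &CM, size(CM));` the buffer argument is `&CM`, while the guard `CM != NOSTR` and the length `size(CM)` in the same hunk both use `CM` itself. If CM is a character pointer, as the comparison against NOSTR suggests (its declaration is not visible here), `&CM` is the address of the pointer variable rather than of the string, so the write would send the bytes of the pointer instead of the connect message. Passing `CM` directly, `pwrite(FD, CM, size(CM));`, is right whether CM is a pointer or an array, and matches how the other two uses treat it.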