Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site wateng.UUCP
Path: utzoo!watmath!wateng!padpowell
From: padpowell@wateng.UUCP (PAD Powell)
Newsgroups: net.flame,net.bugs.4bsd
Subject: Re: YARB (yet another rexec bug!)
Message-ID: <2413@wateng.UUCP>
Date: Sat, 18-May-85 07:57:30 EDT
Article-I.D.: wateng.2413
Posted: Sat May 18 07:57:30 1985
Date-Received: Sun, 19-May-85 00:24:54 EDT
References: <1204@opus.UUCP>
Reply-To: padpowell@wateng.UUCP (PAD Powell)
Distribution: net
Organization: U of Waterloo, Ontario
Lines: 37
Xref: watmath net.flame:9978 net.bugs.4bsd:1530
Summary: 

In article <1204@opus.UUCP> atkins@opus.UUCP (Brian Atkins) writes:
>
>	In rexecd.c there is an off-by-one error in getstr.
>strings can only by n-1 characters long where n is the size of the buffer
>passed into getstr.  
>***************************************************************
>
>***************************************************************
>Here is a fix, simple as it is.
>***************************************************************
>
>getstr(buf2, cnt, err)
>	char *buf2;
>	int cnt;
>	char *err;
>{
>	char c, *buf;
>
>	buf = buf2;
>	do {
>		if (cnt-- == 0) {
>			printf("%s too long\n", err);
>			exit(1);
>		}
>		if (read(0, &c, 1) != 1)
>			exit(1);
>		*buf++ = c;
>	} while (c != 0);
****	*buff = '\0';		<--- terminating 0
>}
>
>***************************************************************
>Brian Atkins   ...{attunix, hao, allegra, ucbvax}!nbires!atkins
>NBI Inc., P.O. Box 9001, Boulder CO 80301	(303) 444-5710

Don't forget to add the terminating 0.
Patrick Powell