Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!im4u!ut-sally!husc6!talcott!gst
From: gst@talcott.HARVARD.EDU (Gary S. Trujillo)
Newsgroups: net.sources.bugs
Subject: Re: bug in UNaXcess "getuser()" [user.c]
Message-ID: <4@talcott.HARVARD.EDU>
Date: Fri, 1-Aug-86 19:20:57 EDT
Article-I.D.: talcott.4
Posted: Fri Aug  1 19:20:57 1986
Date-Received: Sat, 2-Aug-86 10:22:43 EDT
References: <1319@ncoast> <9@wjh12.HARVARD.EDU>
Reply-To: gst@talcott.UUCP (Gary S. Trujillo)
Distribution: net
Organization: Aiken Comp Lab, Harvard
Lines: 17

Oops.  I found a problem with UNaXcess, but I got the fix wrong.  It has
to do with a case in which the "userfile" has an entry which is matched
in getuser() which has too few colons.  I believe that the test at line
51 should read:

	if (ncolon < 6) {

Otherwise, an entry with fewer than 6 colons would be allowed, and one
of the for loops in the code that follows could go into a long search
through memory looking for a colon, clobbering various things as it goes.

I have just started looking at the code, so I might find additional problems
later.  If anyone else out there is working on the code and finds problems,
please post them here, or let me know via mail.  Thanks.
-- 
	Gary Trujillo
	(harvard!wjh12!gst)