Path: utzoo!attcan!uunet!mcvax!unido!iraun1!iraul1!finken
From: finken@iraul1.ira.uka.de (Michael Finken)
Newsgroups: news.sysadmin
Subject: A fix for ftpd
Keywords: ftpd
Message-ID: <696@iraun1.ira.uka.de>
Date: 15 Nov 88 21:44:21 GMT
Sender: news@iraun1.ira.uka.de
Reply-To: finken@ira.uka.de (Michael Finken)
Organization: Karlsruhe University, West-Germany
Lines: 49

Hello World,

We are running a Vax 11/750 with 4.3bsd and provide anonymous ftp services. Two days ago a friendly user showed us how the bug in ftpd works. As we are lucky to have the sources for ftpd, I tried to find out what is wrong...

The bug is the result of a typical *feature* of unix library routines. A lot of them do something, leave the result in a static area and return a pointer to it, so does getpwnam(). A second call to getpwnam() overwrites the output of the first. What's the slogan for such stuff? "It's a feature, not a bug"

My fix works in the yacc parsing entry (or whatever the correct word may be in English) for pathnames. ftp allows the user to specify ~username as short for the user's home directory. An internal routine uses getpwnam() to retrieve the requested home directory. All ftpd commands referring to pathnames require a symbol 'check_login', which sends an appropriate reply code if the user is not yet logged in. But yacc also executes the action routine for pathname parsing...

The only change I made was in the file ftpcmd.y (/src/etc/ftpd/ftpcmd.y) of the 4.3bsd sources. I hope the diff command was correct, the lines starting with '>' are the new ones...
----------------------------------------------------------------here we go-- 427c427,428 < if ($1 && strncmp((char *) $1, "~", 1) == 0) { --- > if (logged_in) { > if ($1 && strncmp((char *) $1, "~", 1) == 0) { 434c435 < } else --- > } else 435a437,438 > } else > $$ = NULL; ------------------------------------------------------------------end------- We installed this patch and it worked, but I am only a 'medium level' beginner with unix, so if you think about applying this fix, check first what it does. My boss tested the new version; but we're all only humans... Bye, Michael Finken, Postmaster@unika1.ira.uka.de
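Review bot: In the `else $$ = NULL;` branch added at 435a437,438, the pathname in $1 is dropped without being passed on or released, and every rule that consumes this value now receives NULL whenever the user is not logged in. It is worth confirming that each such action checks the value before using it and, if $1 is heap-allocated by the lexer, freeing it in this branch. The `if (logged_in)` guard also only keeps the pathname action from calling getpwnam() before login; the saved pointer into getpwnam()'s static area that the post names as the cause is still in place, so copying the passwd fields at the point where they are first looked up would be the more durable fix.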
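The getpwnam() behaviour described in the post, as an added example that is not part of the original post or the 4.3bsd sources. `lookup()` is a hypothetical stand-in with the same static-result contract, and the accounts are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for the password file. */
struct acct { char name[16]; unsigned uid; char dir[32]; };
static const struct acct table[] = {
    { "alice", 1001, "/home/alice" },
    { "bob",   1002, "/home/bob"   },
};

/* Hypothetical stand-in with getpwnam()'s contract: one static result, overwritten by each call. */
static struct acct *lookup(const char *name) {
    static struct acct result;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0) {
            result = table[i];
            return &result;
        }
    return NULL;
}

/* "~user" expansion as the post describes it: one more lookup call. */
static const char *tilde_dir(const char *path) {
    struct acct *a = (path[0] == '~') ? lookup(path + 1) : NULL;
    return a ? a->dir : NULL;
}

/* Unsafe: keep the returned pointer across a later lookup. */
static unsigned uid_kept_by_pointer(const char *user, const char *path) {
    struct acct *saved = lookup(user);
    if (!saved) return 0;
    tilde_dir(path);            /* a successful lookup here overwrites *saved */
    return saved->uid;
}

/* Safe: copy the record into caller-owned storage before looking up again. */
static unsigned uid_kept_by_copy(const char *user, const char *path) {
    struct acct *p = lookup(user);
    if (!p) return 0;
    struct acct saved = *p;     /* deep copy here because the fields are arrays */
    tilde_dir(path);
    return saved.uid;
}

int main(void) {
    printf("pointer=%u copy=%u\n", uid_kept_by_pointer("alice", "~bob"),
           uid_kept_by_copy("alice", "~bob"));
    return 0;
}
```

With the real `struct passwd` the string members are pointers into the same static area, so a plain struct copy is not enough; copy the strings as well or use `getpwnam_r()` with a caller-supplied buffer.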