
Re: system/1494: ftpd.c

The following reply was made to PR system/1494; it has been noted by GNATS.

From: Ian McWilliam <i_(_dot_)_mcwilliam_(_at_)_cit_(_dot_)_nepean_(_dot_)_uws_(_dot_)_edu_(_dot_)_au>
To: gnats_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Cc:
Subject: Re: system/1494: ftpd.c
Date: Wed, 8 Nov 2000 11:09:17 +1100

 At 6:12 PM +0100 2000/11/07, Paweł Krawczyk wrote:
 >>Number:         1494
 >>Category:       system
 >>Synopsis:       Username buffer in ftpd is too short.
 >>Confidential:   no
 >>Severity:       non-critical
 >>Priority:       low
 >>Responsible:    bugs
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Tue Nov  7 10:20:01 MST 2000
 >>Originator:     Pawel Krawczyk
 >>Release:        -current
 >        System      : OpenBSD 2.8
 >        Architecture: OpenBSD.i386
 >        Machine     : i386
 >The username buffer is 16 bytes long, but use of strncpy() later
 >actually copies only 15 bytes to leave space for terminating NULL.
 >So, if usernames up to 16 bytes are allowed in the system, the buffer
 >should be 17 bytes long.
 >Create a username of 16 bytes and try to login on FTP.
 In the interest of getting proper long username support into the OS at some
 point, buffers that are hard coded should be removed. Ideally the buffer
 should look like this.
 sys/param.h defines MAXLOGNAME.
 static char curname[MAXLOGNAME+1];
 Currently MAXLOGNAME is set to 12. According to sys/param.h, MAXLOGNAME >=
 UT_NAMESIZE, which is defined in utmp.h. It has a current value of 8. So
 far, from my workings on long usernames, we really have to have a buffer that
 allows for the username length + 5 to allow for things like the addition of
 .root for kerberos stuff.
 It would be nice to see hard coded buffers disappear in the tool chain.
 >--- ftpd.c.orig Tue Nov  7 18:56:35 2000
 >+++ ftpd.c      Tue Nov  7 18:56:42 2000
 >@@ -692,7 +692,7 @@
 > static int login_attempts;     /* number of failed login attempts */
 > static int askpasswd;          /* had user command, ask for passwd */
 >-static char curname[16];       /* current USER name */
 >+static char curname[17];       /* current USER name */
 > /*
 >  * USER command.
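 Review bot: the new declaration still sizes curname with a bare literal, 17, so the buffer matches the system's username limit only by convention and will be wrong again if that limit changes. Size it from the constant that defines the limit plus one for the terminator, and extend the comment on that line to say the extra byte is for the terminating NUL. The strncpy() call that fills the buffer is not in this hunk; it should take its length from sizeof(curname) - 1 rather than from a second literal.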
 >Paweł Krawczyk <http://ceti.pl/~kravietz/>
 Ian McWilliam.
 Technical Officer,
 School of Computing & IT
 Uni of Western Sydney, NEPEAN.
 P.O.Box 10 Kingswood,
 N.S.W, Australia 2747.
 Telephone: 61 247360 757
 Fax:       61 247360 770
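
The sizing problem discussed in this thread, as an added example that is not part of the original messages or of ftpd.c: a 16-byte buffer filled with strncpy() of sizeof - 1 bytes silently drops the last character of a 16-character name, while a buffer sized from the limit plus one keeps it and rejects anything longer. LOGNAME_LIMIT, the function names and the sample usernames are assumptions made for the illustration; LOGNAME_LIMIT stands in for whatever system constant defines the limit.

```c
#include <stdio.h>
#include <string.h>

#define LOGNAME_LIMIT 16   /* assumed maximum login-name length (constructed) */

/* Pattern from the PR: 16-byte buffer, strncpy() of sizeof - 1 bytes. */
static char short_name[16];

static const char *store_truncating(const char *name)
{
    strncpy(short_name, name, sizeof(short_name) - 1);
    short_name[sizeof(short_name) - 1] = '\0';
    return short_name;      /* a 16-character name comes back as 15 */
}

/* Buffer sized from the limit plus one byte for the terminating NUL.
 * Overlong names are refused instead of being cut short, so the stored
 * name is always exactly what the client sent. */
static char full_name[LOGNAME_LIMIT + 1];

static int store_checked(const char *name)
{
    size_t len = strlen(name);

    if (len == 0 || len > LOGNAME_LIMIT)
        return -1;                      /* full_name is left untouched */
    memcpy(full_name, name, len + 1);   /* len + 1 copies the NUL too */
    return 0;
}

int main(void)
{
    const char *user16 = "abcdefghijklmnop";    /* constructed, 16 chars */
    const char *user17 = "abcdefghijklmnopq";   /* constructed, 17 chars */
    const char *stored = store_truncating(user16);
    int rc;

    printf("truncating: \"%s\" (%zu chars)\n", stored, strlen(stored));

    rc = store_checked(user16);
    printf("checked 16: rc=%d \"%s\"\n", rc, full_name);

    rc = store_checked(user17);
    printf("checked 17: rc=%d (rejected, buffer still \"%s\")\n", rc, full_name);
    return 0;
}
```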