
Re: system/1494: ftpd.c



The following reply was made to PR system/1494; it has been noted by GNATS.

From: Ian McWilliam <i_(_dot_)_mcwilliam_(_at_)_cit_(_dot_)_nepean_(_dot_)_uws_(_dot_)_edu_(_dot_)_au>
To: gnats_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Cc:
Subject: Re: system/1494: ftpd.c
Date: Wed, 8 Nov 2000 11:09:17 +1100

 At 6:12 PM +0100 2000/11/07, Paweł Krawczyk wrote:
 >>Number:         1494
 >>Category:       system
 >>Synopsis:       Username buffer in ftpd is too short.
 >>Confidential:   no
 >>Severity:       non-critical
 >>Priority:       low
 >>Responsible:    bugs
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Tue Nov  7 10:20:01 MST 2000
 >>Last-Modified:
 >>Originator:     Pawel Krawczyk
 >>Organization:
 >ABA
 >>Release:        -current
 >>Environment:
 >        System      : OpenBSD 2.8
 >        Architecture: OpenBSD.i386
 >        Machine     : i386
 >>Description:
 >The username buffer is 16 bytes long, but use of strncpy() later
 >actually copies only 15 bytes to leave space for terminating NULL.
 >So, if usernames up to 16 bytes are allowed in the system, the buffer
 >should be 17 bytes long.
 >>How-To-Repeat:
 >Create a username of 16 bytes and try to login on FTP.
 >>Fix:
 
 In the interest of getting proper long username support into the OS at some
 point, buffers that are hard coded should be removed. Ideally the buffer
 should look like this:
 
 sys/param.h defines MAXLOGNAME.
 
 static char curname[MAXLOGNAME+1];
 
 Currently MAXLOGNAME is set to 12. According to sys/param.h,
 MAXLOGNAME >= UT_NAMESIZE, which is defined in utmp.h. It has a current value
 of 8. So far, from my workings on long usernames, we really have to have a
 buffer that allows for the username length + 5 to allow for things like the
 addition of .root for kerberos stuff.
 
 It would be nice to see hard coded buffers disappear in the tool chain.
 
 >--- ftpd.c.orig Tue Nov  7 18:56:35 2000
 >+++ ftpd.c      Tue Nov  7 18:56:42 2000
 >@@ -692,7 +692,7 @@
 >
 > static int login_attempts;     /* number of failed login attempts */
 > static int askpasswd;          /* had user command, ask for passwd */
 >-static char curname[16];       /* current USER name */
 >+static char curname[17];       /* current USER name */
 >
 > /*
 >  * USER command.
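
 Review bot: on the `+static char curname[17];` line the size is still a bare literal, so nothing ties the buffer to the system's login name limit and the two can drift apart again; declare it from a named constant plus one for the terminator. The reply above proposes `MAXLOGNAME+1` but also states that MAXLOGNAME is currently 12, which would make the buffer smaller than the 16 bytes it had before, so that constant would need raising before it is used here. The strncpy() call mentioned in the description is outside this hunk; check that its length is computed from sizeof(curname) and not a separate literal 15, or the added byte changes nothing.
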
 >
 >--
 >Paweł Krawczyk <http://ceti.pl/~kravietz/>
 >
 >>Audit-Trail:
 >>Unformatted:
 
 
 
 
 _________________________________
 Ian McWilliam.
 Technical Officer,
 School of Computing & IT
 Uni of Western Sydney, NEPEAN.
 P.O.Box 10 Kingswood,
 N.S.W, Australia 2747.
 
 mailto:ianm_(_at_)_cit_(_dot_)_nepean_(_dot_)_uws_(_dot_)_edu_(_dot_)_au
 mailto:i_(_dot_)_mcwilliam_(_at_)_uws_(_dot_)_edu_(_dot_)_au
 
 Telephone: 61 247360 757
 Fax:       61 247360 770
 __________________________________
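
The buffer sizing discussed in this thread, as an added C example that is not part of the original messages or of ftpd.c: it compares the 16-byte buffer with one declared from a named limit plus one, and shows a copy that rejects an over-long name instead of shortening it. EX_MAXLOGNAME, copy_truncating, copy_checked and the sample name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption for this example: names of up to 16 bytes, as in the report.
 * The real MAXLOGNAME lives in <sys/param.h> and has its own value. */
#define EX_MAXLOGNAME 16

static char old_curname[16];                /* size before the patch */
static char new_curname[EX_MAXLOGNAME + 1]; /* limit + terminating NUL */

/* Copy as the report describes it: at most size-1 bytes, then a NUL.
 * Returns how many bytes of the name were silently dropped. */
static size_t copy_truncating(char *dst, size_t dstsize, const char *name)
{
    size_t len = strlen(name);

    if (dstsize == 0)
        return len;
    strncpy(dst, name, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return len > dstsize - 1 ? len - (dstsize - 1) : 0;
}

/* Stricter variant: reject a name that does not fit instead of storing a
 * shortened one. Returns 0 on success, -1 if the name is too long. */
static int copy_checked(char *dst, size_t dstsize, const char *name)
{
    size_t len = strlen(name);

    if (len >= dstsize)
        return -1;
    memcpy(dst, name, len + 1);
    return 0;
}

int main(void)
{
    const char *name = "sixteen_byte_usr"; /* constructed, 16 bytes */
    size_t lost;

    lost = copy_truncating(old_curname, sizeof(old_curname), name);
    printf("char[16]: stored \"%s\", dropped %zu byte(s)\n", old_curname, lost);
    lost = copy_truncating(new_curname, sizeof(new_curname), name);
    printf("char[%zu]: stored \"%s\", dropped %zu byte(s)\n",
        sizeof(new_curname), new_curname, lost);
    printf("checked copy into char[16]: %d\n",
        copy_checked(old_curname, sizeof(old_curname), name));
    return 0;
}
```

Because both buffers are sized with sizeof at the call site, changing EX_MAXLOGNAME is the only edit needed to follow a new limit.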
 
 



