From owner-freebsd-security  Tue Aug 13 06:22:58 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id GAA13287
          for security-outgoing; Tue, 13 Aug 1996 06:22:58 -0700 (PDT)
Received: from ns.frihet.com (root@frihet.bayarea.net [205.219.92.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA13281
          for <freebsd-security@FreeBSD.org>; Tue, 13 Aug 1996 06:22:55 -0700 (PDT)
Received: from ns.frihet.com (tweten@localhost [127.0.0.1])
	by ns.frihet.com (8.7.5/8.6.12) with ESMTP id GAA18894; Tue, 13 Aug 1996 06:22:08 -0700 (PDT)
Message-Id: <199608131322.GAA18894@ns.frihet.com>
X-Mailer: exmh version 1.6.7 5/3/96
Reply-To: "David E. Tweten" <tweten@frihet.com>
To: ollivier.robert@eurocontrol.fr (Ollivier Robert)
cc: freebsd-security@FreeBSD.org
Subject: Re: SECURITY: LSF Update#11: Vulnerability of rlogin 
Date: Tue, 13 Aug 1996 06:22:07 -0700
From: "David E. Tweten" <tweten@frihet.com>
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

ollivier.robert@eurocontrol.fr said:
>! 		if (strlen(term) + strlen(baud) < sizeof(term) - 1)
>! 			(void)strcat(term, baud); 

This looks like a (reasonably harmless) off-by-one error to me.  Shouldn't 
it rather be (minimum change)

	if (strlen(term) + strlen(baud) <= sizeof(term) - 1)

or (most readable)

	if (strlen(term) + strlen(baud) + 1 <= sizeof(term))

or (least operations)

	if (strlen(term) + strlen(baud) < sizeof(term))

instead?
-- 
David E. Tweten          |  PGP Key fingerprint:        |  tweten@frihet.com
12141 Atrium Drive       |     E9 59 E7 5C 6B 88 B8 90  |     tweten@and.com
Saratoga, CA 95070-3162  |     65 30 2A A4 A0 BC 49 AE  |     (408) 446-4131