Date: Tue, 2 Oct 2001 04:20:02 -0700 (PDT)
Message-Id: <200110021120.f92BK2L92453@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Peter Pentchev
Subject: Re: bin/30968: whois client bug w/ .biz

The following reply was made to PR bin/30968; it has been noted by GNATS.

From: Peter Pentchev
To: Sean Kelly
Cc: FreeBSD-gnats-submit@freebsd.org, douglas@min.net
Subject: Re: bin/30968: whois client bug w/ .biz
Date: Tue, 2 Oct 2001 14:06:32 +0300

On Mon, Oct 01, 2001 at 03:25:31PM -0500, Sean Kelly wrote:
>
> >Number:         30968
> >Category:       bin
> >Synopsis:       whois client bug w/ .biz
> >Responsible:    freebsd-bugs
> >State:          open
> >Originator:     Sean Kelly
> >Release:        FreeBSD 4.4-STABLE i386
> >Organization:
> >Environment:
> System: FreeBSD edgemaster.zombie.org 4.4-STABLE FreeBSD 4.4-STABLE #1: Sat Sep 29 22:12:48 CDT 2001 root@edgemaster.zombie.org:/usr/obj/usr/src/sys/EDGEMASTER i386
> Multiple machines, /usr/src/usr.bin/whois/whois.c version 1.15.2.4
> >Description:
> The whois client mangles output when doing specific searches and
> presented with specific results, specifically with results lacking
> a final CR.
> >How-To-Repeat:
> First, do 'whois haha.biz'.  Notice the odd output?
> Now, do 'whois haha.biz|cat'.  Notice the different output?

These are both due to the fact that, as you noticed, the final CR
is missing.  The whois(1) code assumes incorrectly that fgetln(3)
will always return an isspace(3)-terminated string.  This is not
the case, as noted in a prominent warning on the fgetln(3) manual page.
As a result, an out-of-bound string access is made.

For some reason, when the output is sent to a terminal, that
out-of-bound access reads the previously read contents of
/etc/services (whois(1) needs that to determine which port
the whois/tcp service is on).

Can you try the attached patch?

G'luck,
Peter

-- 
This sentence no verb.

Index: src/usr.bin/whois/whois.c =================================================================== RCS file: /home/ncvs/src/usr.bin/whois/whois.c,v retrieving revision 1.15.2.4 diff -u -r1.15.2.4 whois.c --- src/usr.bin/whois/whois.c 2001/08/02 02:21:24 1.15.2.4 +++ src/usr.bin/whois/whois.c 2001/10/02 16:15:22 @@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include 
@@ -267,6 +268,17 @@ nhost = NULL; nomatch = 0; while ((buf = fgetln(sfi, &len)) != NULL) { + if ((len == 0) || !isspace(buf[len - 1])) { + char *newbuf; + + newbuf = realloc(buf, len + 1); + if (newbuf == NULL) { + errno = ENOMEM; + err(1, "reallocating"); + } + newbuf[len] = '\0'; + buf = newbuf; + } while (len && isspace(buf[len - 1])) buf[--len] = '\0';
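
Review bot: realloc(buf, len + 1) in the second hunk is applied to the pointer that fgetln(sfi, &len) returned, and that pointer refers to the stream's own buffer rather than to memory obtained from malloc(3), so handing it to realloc(3) is undefined behaviour. Allocate a separate buffer of len + 1 bytes, memcpy() the line into it, terminate it there and free it once the line has been processed; as written, nothing in the visible lines frees newbuf either. The errno = ENOMEM assignment before err() is redundant because a failed realloc(3) already sets errno, and the isspace() arguments should be cast to unsigned char.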
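
The failure mode described in the reply, a last line that arrives with a length but no terminator, handled by copying the line into a fresh buffer instead of resizing it as the patch does. This is an added example, not code from the message or from the FreeBSD source; `mem_getln`, `line_dup_trimmed` and the sample reply are hypothetical names and constructed data.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: 28 reply bytes, last line without a newline, followed
 * by stale bytes that the reader must never touch. */
static const char SAMPLE[] = "Domain: haha.biz\r\nStatus: ok<stale bytes>";
#define SAMPLE_LEN 28

/* Hypothetical stand-in for fgetln(3): pointer into src plus *len, with no
 * NUL terminator and possibly no trailing newline on the last line. */
static const char *mem_getln(const char *src, size_t n, size_t *pos, size_t *len)
{
    const char *start = src + *pos, *nl;
    if (*pos >= n)
        return NULL;
    nl = memchr(start, '\n', n - *pos);   /* search stays inside the n bytes */
    *len = nl ? (size_t)(nl - start) + 1 : n - *pos;
    *pos += *len;
    return start;
}

/* Copy a (pointer, length) line into its own NUL-terminated buffer, trailing
 * whitespace dropped; buf[len] is never read. Caller frees the result. */
char *line_dup_trimmed(const char *buf, size_t len)
{
    char *copy;
    while (len > 0 && isspace((unsigned char)buf[len - 1]))
        len--;
    if ((copy = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(copy, buf, len);
    copy[len] = '\0';
    return copy;
}

int main(void)
{
    size_t pos = 0, len;
    const char *buf;
    while ((buf = mem_getln(SAMPLE, SAMPLE_LEN, &pos, &len)) != NULL) {
        char *line = line_dup_trimmed(buf, len);
        printf("[%s]\n", line ? line : "(out of memory)");
        free(line);
    }
    return 0;
}
```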