From owner-freebsd-current  Fri Feb  7 14:42:20 1997
Return-Path: <owner-current>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA28661
          for current-outgoing; Fri, 7 Feb 1997 14:42:20 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA28642
          for <freebsd-current@freebsd.org>; Fri, 7 Feb 1997 14:42:13 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.3/8.6.9) id JAA19754; Sat, 8 Feb 1997 09:34:21 +1100
Date: Sat, 8 Feb 1997 09:34:21 +1100
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199702072234.JAA19754@godzilla.zeta.org.au>
To: freebsd-current@freebsd.org, imp@village.org
Subject: Re: CERT Advisory CA-97.06 - Vulnerability in rlogin/term (fwd)
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>: FreeBSD, Inc.
>: =============
>:         This vulnerability is present in FreeBSD 2.1.5 and previous
>:         versions.  It was fixed in all FreeBSD source and
>:         binary distributions dated after 1996/07/25.
>...
>: !       term[MAX_TERM_LENGTH] = '\0';
>...
>
>Shouldn't that be MAX_TERM_LENGTH-1?

No.  MAX_TERM_LENGTH really is the maximum string length, so it doesn't
count the nul terminator.  Anyway, N-1 should be N - 1 :-).

Bruce