This is the mail archive of the
libc-alpha@sourceware.cygnus.com
mailing list for the glibc project.
Re: Fwd: Bug#21810: libc6: rexec call dumps core with user="string" and password=NULL
- To: Mark Kettenis <kettenis at wins dot uva dot nl>
- Subject: Re: Fwd: Bug#21810: libc6: rexec call dumps core with user="string" and password=NULL
- From: "Andrew Morton" <morton at nortelnetworks dot com>
- Date: Mon, 01 Nov 1999 13:36:31 +0000
- CC: schwab at suse dot de, espy at debian dot org, libc-alpha at sourceware dot cygnus dot com, 21810-forwarded at bugs dot debian dot org
- Organization: Nortel Networks, Wollongong Australia
- References: <v0420550ab4161ff786a5@[206.163.71.146]> <199910261717.TAA21188@landau.wins.uva.nl> <jehfje9fkk.fsf@hawking.suse.de> <199910270037.CAA00259@delius.kettenis.local> <381D6DDE.B829735B@asiapacificm01.nt.com> <199911011145.MAA27510@landau.wins.uva.nl>
Mark Kettenis wrote:
>
> One should probably use rcmd() instead.
mmm... Requires root though.
> If you really want to use rexec() you'll have to do the .netrc parsing
> yourself, ...
Oh I'm OK - I just make sure .netrc is valid. If it isn't I remove
./core and try again!
But right now, /usr/bin/rexec can drop core in surprising ways and
nobody is fixing it. At the risk of quoting myself: "It's all a bit of
a mess".
At the least I suggest rexec(3) be taught to not dereference NULL under
these circumstances.
--- rexec.c Thu Jul 16 15:45:29 1998
+++ new-rexec.c Tue Nov 2 00:34:34 1999
@@ -137,6 +137,9 @@
}
*fd2p = s3;
}
+
+ if (name == 0)
+ goto bad;
(void) __write(s, name, strlen(name) + 1);
/* should public key encypt the password here */
(void) __write(s, pass, strlen(pass) + 1);