Subject: misc/479: ftp can dump core + FIX
To: None <gnats-admin@sun-lamp.cs.berkeley.edu>
From: John Kohl <jtk@kolvir.blrc.ma.us>
List: netbsd-bugs
Date: 09/16/1994 04:50:05
>Number: 479
>Category: misc
>Synopsis: ftp can dump core depending on contents of ~/.netrc
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: gnats-admin (Misc Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Sep 16 04:50:03 1994
>Originator: John Kohl
>Organization:
>Release: 1.0_BETA
>Environment:
i486/33
System: NetBSD kolvir 1.0_BETA NetBSD 1.0_BETA (KOLVIR) #16: Thu Sep 15 22:03:20 EDT 1994 jtk@kolvir:/u1/NetBSD-1.0/src/sys/arch/i386/compile/KOLVIR i386
>Description:
If your ~/.netrc has a password line before a login line, ftp will dump
core.
>How-To-Repeat:
Put this in your ~/.netrc:
machine foo.bar
password yourname@your.domain
login anonymous
Run ftp to foo.bar and watch it dump core.
>Fix:
Apply this patch:
*** 1.1 1994/09/16 11:14:35
--- src/usr.bin/ftp/ruserpass.c 1994/09/16 11:16:56
***************
*** 145,151 ****
}
break;
case PASSWD:
! if (strcmp(*aname, "anonymous") &&
fstat(fileno(cfile), &stb) >= 0 &&
(stb.st_mode & 077) != 0) {
warnx("Error: .netrc file is readable by others.");
--- 145,151 ----
}
break;
case PASSWD:
! if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
fstat(fileno(cfile), &stb) >= 0 &&
(stb.st_mode & 077) != 0) {
warnx("Error: .netrc file is readable by others.");
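Review bot: In the changed condition under case PASSWD, a NULL *aname is treated as a non-anonymous login, so an entry that gives password before login anonymous (the case in How-To-Repeat) now gets the "readable by others" check even though the login later turns out to be anonymous. That is the safe default, but it makes the outcome depend on token order in ~/.netrc; consider deferring the st_mode check until the whole machine entry has been parsed, or add a comment saying the NULL case is deliberately handled as non-anonymous. Writing the comparison as strcmp(*aname, "anonymous") != 0 would also make the intent of the condition easier to read.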
>Audit-Trail:
>Unformatted: