Pascal A. Dupuis
1998-Nov-24 10:55 UTC
source/client/client.c : redundant calls to getenv()
Another small problem in 2.0.0beta2: around line 1968, getenv() is called
three times, with the same argument. The glibc manual says the memory zone
returned by getenv() may be clobbered on non-glibc systems by other calls
to getenv(), but there are no such calls in-between. I suggest to modify
this code as :
line 1924 : char *p, *user;
line 1968 :
if ((user=getenv("USER")) {
pstrcpy(username, user);
/* modification to support userid%passwd syntax in the USER var
25.Aug.97, jdblair@uab.edu */
if ((p=strchr(username,'%'))) {
*p = 0;
pstrcpy(password,p+1);
got_pass = True;
memset(strchr(user,'%')+1,'X',strlen(password\));
}
/* modification to support PASSWD environmental var
25.Aug.97, jdblair@uab.edu */
if ((user=getenv("PASSWD"))) {
pstrcpy(password,user);
got_pass = True;
}
if ((user=getenv("PASSWD_FD")) {
get_password_file(user);
got_pass = True;
} else if ((user=getenv("PASSWD_FILE")) {
get_password_file(user);
got_pass = True;
}
if (*username == 0 && (user=getenv("LOGNAME"))) {
pstrcpy(username,user);
strupper(username);
}
Also, I don't understand at all the goal of the memset. In the original
version, it was :
memset(strchr(getenv("USER"),'%')+1,'X',strlen(password\));
thus :
-get a fresh copy of the environment string "USER" (they are still
two
lying around)
-search for the % delimiter
-replace the password part by XXX
You thus hide one copy in memory, what about the two others ?
Greetings
Pascal A. Dupuis
--
feature, n: A surprising property of a program. Occasionaly documented.
To call a property a feature sometimes means the author did not consider
that case, and the program makes an unexpected, though not necessarily
wrong response. See BUG. "That's not a bug, it's a feature!"
A bug can
be changed to a feature by documenting it.
Reasonably Related Threads
Wisdom of the Ancients
