Bug 31002

Summary: whois dumps contents of /etc/services when looking up non-existent .biz names
Product: Base System Reporter: newton <newton>
Component: binAssignee: Mike Barcroft <mike>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-RELEASE   
Hardware: Any   
OS: Any   

Description newton 2001-10-03 09:10:01 UTC 
	Null-termination doesn't appear to be working correctly in
	whois.c:269 in a call to fgetln().  The returned buffer ends
	up containing the error message which tells you that whatever
	you're looking for doesn't exist, followed by most of the contents
	of /etc/services.

	The basic problem appear to be that the .biz whois server is
	returning non-standard information (or, at least, information in
	a non-standard format), which is defeating the efforts of 
	whois.c line 270 and 271 to null-terminate the buffer returned
	by fgetln().

Fix: 

In an ideal world, the .biz people would emit error messages in 
	the same format as everyone else.  Because the world is less than
	ideal, however, life kinda sucks a bit.

	There are several potential fixes.  Unconditionally null-terminating
	the buffer returned by fgetln() is one:  buf[len - 1] = '\0' should
	probably happen between line 269 and line 270, so that we have a 
	null-terminated buffer whether the parsing efforts at line 270 and
	271 work properly or not.  There are other equally defensive 
	possibilities.
How-To-Repeat: 
	% whois bad-domain.biz
Comment 1 Peter Pentchev freebsd_committer freebsd_triage 2001-10-03 09:49:36 UTC 
State Changed
From-To: open->analyzed

This is the same problem as in PR bin/30968. 
The fix is indeed to null-terminate the read string, as done in 
the patches posted in the audit trail of bin/30968. 
I'll commit the second patch shortly, after it has been properly reviewed.
Comment 2 Peter Pentchev freebsd_committer freebsd_triage 2001-10-03 09:49:36 UTC 
Responsible Changed
From-To: freebsd-bugs->roam

I'll take care of this problem and commit the necessary patches.
Comment 3 Peter Pentchev freebsd_committer freebsd_triage 2001-10-08 12:26:28 UTC 
Responsible Changed
From-To: roam->mike

Actually it is Mike Barcroft, the whois(1) maintainer, who came up 
with a better patch.
Comment 4 Peter Pentchev freebsd_committer freebsd_triage 2001-10-08 12:26:28 UTC 
Responsible Changed
From-To: roam->mike

Mike Barcroft came up with a better patch.
Comment 5 Mike Barcroft freebsd_committer freebsd_triage 2001-11-16 04:57:23 UTC 
State Changed
From-To: analyzed->closed


Duplicate of PR/31002.
Comment 6 Mike Barcroft freebsd_committer freebsd_triage 2001-11-16 05:03:16 UTC 
mike@FreeBSD.org <mike@FreeBSD.org> writes:
> Duplicate of PR/31002.

Sorry, that should say: Duplicate of PR bin/30928.

Best regards,
Mike Barcroft