Package: cfingerd
Version: 1.4.3-1.2
Severity: normal
Tags: patch
If finger forwarding is enabled and requested username looks like '/W
/user' cfingerd starts checking remote servers not from first but
from second. If there is only one server specified reading beyond the
array occurs. During my tests this caused closing connections without
giving reason.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-ck1
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to
pl_PL)
Versions of packages cfingerd depends on:
ii libc6 2.3.6-18 GNU C Library: Shared libraries
ii netbase 4.25 Basic TCP/IP networking system
cfingerd recommends no packages.
-- no debconf information
diff -Nur a/src/standard.c b/src/standard.c
--- a/src/standard.c 2006-08-04 20:59:46.000000000 +0200
+++ b/src/standard.c 2006-08-05 21:38:32.000000000 +0200
@@ -1006,6 +1006,7 @@
nums++;
strcpy(uname, username + nums);
strcpy(username, uname);
+ nums=0;
}
if ((!(prog_config.config_bits2 & SHOW_FINGERFWD)) ||
