From pjchilds@al.imforei.apana.org.au  Tue Mar 11 01:41:05 1997
Received: from al.imforei.apana.org.au (pjchilds@al.imforei.apana.org.au [202.12.89.41])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA09676
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Mar 1997 01:41:02 -0800 (PST)
Received: (from pjchilds@localhost) by al.imforei.apana.org.au (beBop) id UAA08203; Tue, 11 Mar 1997 20:10:56 +1030 (CST)
Message-Id: <199703110940.UAA08203@al.imforei.apana.org.au>
Date: Tue, 11 Mar 1997 20:10:56 +1030 (CST)
From: Peter Childs <pjchilds@imforei.apana.org.au>
Reply-To: pjchilds@imforei.apana.org.au
To: FreeBSD-gnats-submit@freebsd.org
Subject: fetch doesn't handle FTP_TIMEOUT correctly?
X-Send-Pr-Version: 3.2

>Number:         2947
>Category:       bin
>Synopsis:       fetch doesn't handle FTP_TIMEOUT correctly?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 11 01:50:02 PST 1997
>Closed-Date:    Tue Mar 11 07:13:32 PST 1997
>Last-Modified:  Tue Mar 11 07:18:16 PST 1997
>Originator:     Peter Childs
>Release:        FreeBSD 2.2-GAMMA i386 (and 3.0-current)
>Organization:
>Environment:

 	2.2-gamma 

>Description:

 /usr/src/usr.bin/fetch/ftp.c has this bit of code...

                        errno = 0;
                        ul = strtoul(env, &ep, 0);
                        if (*env && *ep && errno == 0 && ul <= INT_MAX)
                                fs->fs_timeout = ul;

 and the man page for strtoul says...

     unsigned long
     strtoul(const char *nptr, char **endptr, int base)
 ...
     If endptr is non nil, strtoul() stores the address of the first invalid
     character in *endptr. If there were no digits at all, however, strtoul()
     stores the original value of nptr in *endptr. (Thus, if *nptr is not `\0'
     but **endptr is `\0' on return, the entire string was valid.)

 but we have the endptr bit the wrong way around (i think.. hey.. I only
 work here :)

>How-To-Repeat:

 Set FTP_TIMEOUT to a valid time (ie something less than INT_MAX) and watch
 this statement bail 'cause *ep is never true.

>Fix:

 Add a bang.. or for the humour impaired apply this patch.
	
*** ftp.c.orig  Tue Mar 11 19:56:09 1997
--- ftp.c       Tue Mar 11 19:56:25 1997
***************
*** 367,373 ****
                if (env) {
                        errno = 0;
                        ul = strtoul(env, &ep, 0);
!                       if (*env && *ep && errno == 0 && ul <= INT_MAX)
                                fs->fs_timeout = ul;
                        else
                                warnx("`%s': invalid FTP timeout", env);
--- 367,373 ----
                if (env) {
                        errno = 0;
                        ul = strtoul(env, &ep, 0);
!                       if (*env && ! *ep && errno == 0 && ul <= INT_MAX)
                                fs->fs_timeout = ul;
                        else
                                warnx("`%s': invalid FTP timeout", env);
                                                                     

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jmg 
State-Changed-When: Tue Mar 11 07:13:32 PST 1997 
State-Changed-Why:  
thanks for the report...  fixed in rev1.6 of ftp.c 

your patch didn't satisfy style(9)... so I applied a slightly different 
patch... 
>Unformatted:
