Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!mcnc!ece-csc!ncrcae!sauron!wescott
From: wescott@sauron.Columbia.NCR.COM (Mike Wescott)
Newsgroups: comp.bugs.misc
Subject: filename expansion bug in uux (Honey Danber) w/patch
Message-ID: <799@sauron.Columbia.NCR.COM>
Date: Thu, 8-Jan-87 23:50:46 EST
Article-I.D.: sauron.799
Posted: Thu Jan  8 23:50:46 1987
Date-Received: Fri, 9-Jan-87 06:09:52 EST
Sender: news@sauron.Columbia.NCR.COM
Reply-To: wescott@sauron.UUCP (Mike Wescott)
Distribution: world
Organization: Advanced Systems Development, NCR Corp., Columbia, SC
Lines: 152

In the version of HDB uucp (BNU 2.0, I think), there are is a bug in the
way uux expands filenames in a command.  Sometimes what seems to be a valid
won't get properly expanded and the file shipped to the remote system.
uux treats arguments (other than the command argument) as filenames if it 
has a '!' in it; except in the case where the local system is explicitly
specified.  

	!~/x	becomes PUBDIR/x and the file is shipped to the remote
	!~/x	becomes ~/x and the file is NOT shipped
	~/x		is not expanded (no bang, hence not a filename)

multiple ! prefixes are dropped, but not multiple ! prefixes.
The inconsistency is annoying but not severe.  In any case, the following
patch to getprm.c will drop multiple ! and/or multiple ! prefixes
and then send the file.

Are there any reasons (security holes perhaps) why this fix should not
be implemented???

	-Mike Wescott
	ncrcae!wescott


*** getprm.c.orig	Thu Jan  8 14:47:21 1987
--- getprm.c	Thu Jan  8 15:10:44 1987
***************
*** 92,97
  char *sys, *rest;
  {
  	register char *c, *n;
  
  	*sys = '\0';
  	if (*name == LQUOTE) {

--- 92,98 -----
  char *sys, *rest;
  {
  	register char *c, *n;
+ 	register int foundsys;
  
  	*sys = '\0';
  	foundsys = FALSE;
***************
*** 94,99
  	register char *c, *n;
  
  	*sys = '\0';
  	if (*name == LQUOTE) {
  		c = bal(name, RQUOTE);
  		name++;

--- 95,101 -----
  	register int foundsys;
  
  	*sys = '\0';
+ 	foundsys = FALSE;
  	if (*name == LQUOTE) {
  		c = bal(name, RQUOTE);
  		name++;
***************
*** 99,105
  		name++;
  		(void) strncpy(rest, name, c-name);
  		rest[c-name] = '\0';
! 		return(0);
  	}
  
  	for (n = name ;; n = c+1) { /* loop to get rid if initial Mynames */

--- 101,107 -----
  		name++;
  		(void) strncpy(rest, name, c-name);
  		rest[c-name] = '\0';
! 		return(FALSE);
  	}
  
  	for (n = name ;; n = c+1) { /* loop to get rid if initial Mynames */
***************
*** 105,111
  	for (n = name ;; n = c+1) { /* loop to get rid if initial Mynames */
  	    if ((c = strchr(n, '!')) == NULL) {
  		(void) strcpy(rest, n);
! 		return(0);
  	    }
  
  	    /*  ignore escaped '!' */

--- 107,113 -----
  	for (n = name ;; n = c+1) { /* loop to get rid if initial Mynames */
  	    if ((c = strchr(n, '!')) == NULL) {
  		(void) strcpy(rest, n);
! 		return(foundsys);
  	    }
  
  	    /*  ignore escaped '!' */
***************
*** 113,119
  		*(c-1) = '\0';
  		(void) strcpy(rest, n);
  		(void) strcat(rest, c);
! 		return(0);
  	    }
  
  	    *c = '\0';

--- 115,121 -----
  		*(c-1) = '\0';
  		(void) strcpy(rest, n);
  		(void) strcat(rest, c);
! 		return(foundsys);
  	    }
  
  	    *c = '\0';
***************
*** 117,123
  	    }
  
  	    *c = '\0';
! 	    if (EQUALS(n, Myname)) /* initial system is Myname */
  		continue;
  
  	    (void) strcpy(sys, n);

--- 119,126 -----
  	    }
  
  	    *c = '\0';
! 	    if (EQUALS(n, Myname) || (c == n)) { /* initial system is Myname */
! 		foundsys = TRUE;
  		continue;
  	    }
  
***************
*** 119,124
  	    *c = '\0';
  	    if (EQUALS(n, Myname)) /* initial system is Myname */
  		continue;
  
  	    (void) strcpy(sys, n);
  	    (void) strcpy(rest, ++c);

--- 122,128 -----
  	    if (EQUALS(n, Myname) || (c == n)) { /* initial system is Myname */
  		foundsys = TRUE;
  		continue;
+ 	    }
  
  	    (void) strcpy(sys, n);
  	    (void) strcpy(rest, ++c);
-- 
	-Mike Wescott
	 ncrcae!wescott