Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site whuxlb.UUCP Path: utzoo!linus!philabs!cmcl2!floyd!whuxlb!eric From: eric@whuxlb.UUCP Newsgroups: net.bugs,net.bugs.uucp Subject: NASTY RMAIL -- UUCP BUG Message-ID: <1181@whuxlb.UUCP> Date: Tue, 21-Jun-83 08:30:27 EDT Article-I.D.: whuxlb.1181 Posted: Tue Jun 21 08:30:27 1983 Date-Received: Wed, 22-Jun-83 09:58:03 EDT Organization: Bell Labs, Whippany Lines: 92 A NASTY BUG IN UUCP *** THE BUG *** UUCP (as distributed with 5.0) has a nasty bug which would cause mail to be dropped on the floor. The bug was not repeatable on demand and was therefore hard to track down. *** THE SYMPTOMS *** In /usr/spool/uucp/LOGFILE, messages of the following type would often appear during a uucp connection. However, as noted above, the error did not occur during every mailing attempt: harpo!uucp (5/13-15:56:46) (Q,16250,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep ) harpo!uucp (5/13-15:56:48) (Q,16250,0) ret (400) from harpo!uucp (MAIL FAIL) harpo!uucp (5/13-15:56:49) (Q,16250,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep ) harpo!uucp (5/13-15:56:49) (Q,16250,0) QCAUGHT (QSIGNAL 13) harpo!uucp (5/13-15:57:20) (Q,16263,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep ) harpo!uucp (5/13-15:57:21) (Q,16263,0) ret (400) from harpo!uucp (MAIL FAIL) harpo!uucp (5/13-15:57:22) (Q,16263,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep ) harpo!uucp (5/13-15:57:22) (Q,16263,0) QCAUGHT (QSIGNAL 13) harpo!uucp (5/13-16:00:23) (Q,16358,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep ) *** THE PROBLEM *** UUCP uses the shell (/bin/sh) to invoke rmail to deliver mail. Before invoking the shell, UUCP changes the enviroment so that the enviroment variable LOGNAME would be set to the user sending mail, or to "uucp". The enviroment list handed to execle(2) should be terminated by a NULL pointer, which it was. However, the bug in UUCP caused several enviroment pointers to be set to ZERO LENGTH strings instead of NULL pointers. /bin/sh bombs out when it expects a string or null pointer and instead is handed a zero length string, and it died, which caused the MAIL FAIL message above and the subsequent signal 13, as UUCP tried to write down a pipe that didn't have a mail on the other end. *** THE FIX *** The fix is very simple. In /usr/src/cmd/uucp, edit the file mailst.c. On or around the 49th line, three lines will appear that look like this: - 2 - if(strncmp(envp[0], "LOGNAME", 7) == 0) sprintf(un, "LOGNAME=%s",p); envp[0] = &un[0]; The two statements following the 'if' need brackets around them, so that the new code looks like this: if(strncmp(envp[0], "LOGNAME", 7) == 0) { sprintf(un, "LOGNAME=%s",p); envp[0] = &un[0]; } Now recompile UUCP with a "make -f uucp.mk", then install the new programs with a "make -f uucp.mk save", which can be backed out with a "make -f uucp.mk restore." Eric Holtman WH 1c-352, x4890 harpo!whuxlb!eric