From jon@spock.org  Sat Mar 18 11:52:56 2000
Return-Path: <jon@spock.org>
Received: from spock.org (cm-24-161-8-2.nycap.rr.com [24.161.8.2])
	by hub.freebsd.org (Postfix) with ESMTP id EC6E937B609
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 18 Mar 2000 11:52:54 -0800 (PST)
	(envelope-from jon@spock.org)
Received: (from jon@localhost)
	by spock.org  serial EF600Q3T-B7F;
	Sat, 18 Mar 2000 14:52:53 -0500 (EST)
	(envelope-from jon)
Message-Id: <200003181952.OAA46459@spock.org>
Date: Sat, 18 Mar 2000 14:52:53 -0500 (EST)
From: Jonathan Chen <jon@spock.org>
Reply-To: jon@spock.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: uudecode -i (no overwrite) flag bogus
X-Send-Pr-Version: 3.2

>Number:         17476
>Category:       bin
>Synopsis:       uudecode -i (no overwrite) flag bogus
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    sheldonh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 18 12:00:01 PST 2000
>Closed-Date:    Sun Aug 6 10:21:09 PDT 2000
>Last-Modified:  Sun Aug 06 10:21:46 PDT 2000
>Originator:     Jonathan Chen
>Release:        All releases since 2.2
>Organization:
>Environment:

	

>Description:
The -i flag in uudecode has no effect except for printing "not overwritten".
It overwrites the file anyway.  This problem existed since the introduction
of the -i flag in uudecode.
	

>How-To-Repeat:
uudecode foo < somefile > foo.uu
touch foo
uudecode -i foo.uu
(uudecode will now tell you "foo" was not overwritten, but overwrite it anyway)
>Fix:
recommend the following patch: (should work on -STABLE and -CURRENT)
--- uudecode.c~	Sat Mar 18 14:50:48 2000
+++ uudecode.c	Sat Mar 18 14:51:16 2000
@@ -197,9 +197,10 @@
 		; /* print to stdout */
 
 	else {
-		if (iflag && !access(buf, F_OK))
+		if (iflag && !access(buf, F_OK)) {
 			(void)fprintf(stderr, "not overwritten: %s\n", buf);
-		if (!freopen(buf, "w", stdout) ||
+			freopen("/dev/null", "w", stdout);
+		} else if (!freopen(buf, "w", stdout) ||
 		    fchmod(fileno(stdout), mode&0666)) {
 			warn("%s: %s", buf, filename);
 			return(1);
	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sheldonh 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Mon Mar 20 01:42:38 PST 2000 
Responsible-Changed-Why:  
I'll take this one. 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: jon@spock.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17476: uudecode -i (no overwrite) flag bogus 
Date: Mon, 20 Mar 2000 11:47:26 +0200

 On Sat, 18 Mar 2000 14:52:53 EST, Jonathan Chen wrote:
 
 > -		if (iflag && !access(buf, F_OK))
 > +		if (iflag && !access(buf, F_OK)) {
 >  			(void)fprintf(stderr, "not overwritten: %s\n", buf);
 > -		if (!freopen(buf, "w", stdout) ||
 > +			freopen("/dev/null", "w", stdout);
 > +		} else if (!freopen(buf, "w", stdout) ||
 >  		    fchmod(fileno(stdout), mode&0666)) {
 
 Shouldn't we still check the return value of the freopen call in the
 iflag case?
 
 Ciao,
 Sheldon.
 

From: Jonathan Chen <jon@spock.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17476: uudecode -i (no overwrite) flag bogus
Date: Wed, 22 Mar 2000 02:28:03 -0500

 On Mon, Mar 20, 2000 at 11:47:26AM +0200, Sheldon Hearn wrote:
 > 
 > 
 > On Sat, 18 Mar 2000 14:52:53 EST, Jonathan Chen wrote:
 > 
 > > -		if (iflag && !access(buf, F_OK))
 > > +		if (iflag && !access(buf, F_OK)) {
 > >  			(void)fprintf(stderr, "not overwritten: %s\n", buf);
 > > -		if (!freopen(buf, "w", stdout) ||
 > > +			freopen("/dev/null", "w", stdout);
 > > +		} else if (!freopen(buf, "w", stdout) ||
 > >  		    fchmod(fileno(stdout), mode&0666)) {
 > 
 > Shouldn't we still check the return value of the freopen call in the
 > iflag case?
 
 I suppose you can change that line to 
 if (freopen("/dev/null", "w", stdout)==NULL) perror("Cannot open /dev/null"), exit(1);
 
 When I originally made the report I figured everyone would have /dev/null
 but didn't take into account of chrooted environments and such...  I
 suppose a more "elegant" solution might be to jump to a function that just
 reads till it sees the end -- but if you do that then you won't be warned
 if there's a potential error in the ignored uuencoded file.  Opening
 /dev/null just seems to me the easiest and most direct way of skimming over
 the file.
 
 -- 
     (o_ 1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2 _o)
  \\\_\            Jonathan Chen              jon@spock.org           /_///
  <____) 2 is not equal to 3 -- not even for the largest value of 2. (____>
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Jonathan Chen <jon@spock.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17476: uudecode -i (no overwrite) flag bogus 
Date: Wed, 22 Mar 2000 12:43:00 +0200

 On Wed, 22 Mar 2000 02:28:03 EST, Jonathan Chen wrote:
 
 > When I originally made the report I figured everyone would have
 > /dev/null but didn't take into account of chrooted environments and
 > such...  I suppose a more "elegant" solution might be to jump to a
 > function that just reads till it sees the end
 
 Since elegance isn't one of the main attractions of the existing code, I
 was thinking something more along the lines of the following. :-)
 
 Ciao,
 Sheldon.
 
 Index: uudecode.c
 ===================================================================
 RCS file: /home/ncvs/src/usr.bin/uudecode/uudecode.c,v
 retrieving revision 1.13
 diff -u -d -r1.13 uudecode.c
 --- uudecode.c	1999/08/28 01:07:16	1.13
 +++ uudecode.c	2000/03/22 10:39:04
 @@ -141,11 +141,11 @@
  	struct passwd *pw;
  	register int n;
  	register char ch, first, *p;
 -	int mode, n1;
 +	int ignore, mode, n1;
  	char buf[MAXPATHLEN];
  	char buffn[MAXPATHLEN]; /* file name buffer */
  
 -	
 +	ignore = 0;
  	/* search for header line */
  	do {
  		if (!fgets(buf, sizeof(buf), stdin)) {
 @@ -197,9 +197,10 @@
  		; /* print to stdout */
  
  	else {
 -		if (iflag && !access(buf, F_OK))
 +		if (iflag && !access(buf, F_OK)) {
  			(void)fprintf(stderr, "not overwritten: %s\n", buf);
 -		if (!freopen(buf, "w", stdout) ||
 +			ignore++;
 +		} else if (!freopen(buf, "w", stdout) ||
  		    fchmod(fileno(stdout), mode&0666)) {
  			warn("%s: %s", buf, filename);
  			return(1);
 @@ -224,6 +225,9 @@
   	filename, buffn, 1 + ' ', 077 + ' ' + 1); \
          return(1); \
  }
 +#define PUTCHAR(c) \
 +if (!ignore) \
 +	putchar(c)
  
  
  		/*
 @@ -239,11 +243,11 @@
                                  	OUT_OF_RANGE
  
  				ch = DEC(p[0]) << 2 | DEC(p[1]) >> 4;
 -				putchar(ch);
 +				PUTCHAR(ch);
  				ch = DEC(p[1]) << 4 | DEC(p[2]) >> 2;
 -				putchar(ch);
 +				PUTCHAR(ch);
  				ch = DEC(p[2]) << 6 | DEC(p[3]);
 -				putchar(ch);
 +				PUTCHAR(ch);
  				
  			}
  			else {
 @@ -251,7 +255,7 @@
  					if (!(IS_DEC(*p) && IS_DEC(*(p + 1))))
  	                                	OUT_OF_RANGE
  					ch = DEC(p[0]) << 2 | DEC(p[1]) >> 4;
 -					putchar(ch);
 +					PUTCHAR(ch);
  				}
  				if (n >= 2) {
  					if (!(IS_DEC(*(p + 1)) && 
 @@ -259,14 +263,14 @@
  		                                OUT_OF_RANGE
  
  					ch = DEC(p[1]) << 4 | DEC(p[2]) >> 2;
 -					putchar(ch);
 +					PUTCHAR(ch);
  				}
  				if (n >= 3) {
  					if (!(IS_DEC(*(p + 2)) && 
  						IS_DEC(*(p + 3))))
  		                                OUT_OF_RANGE
  					ch = DEC(p[2]) << 6 | DEC(p[3]);
 -					putchar(ch);
 +					PUTCHAR(ch);
  				}
  			}
  	}
 

From: Jonathan Chen <jon@spock.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/17476: uudecode -i (no overwrite) flag bogus
Date: Thu, 23 Mar 2000 15:41:05 -0500

 On Wed, Mar 22, 2000 at 12:43:00PM +0200, Sheldon Hearn wrote:
 > 
 > On Wed, 22 Mar 2000 02:28:03 EST, Jonathan Chen wrote:
 > 
 > > When I originally made the report I figured everyone would have
 > > /dev/null but didn't take into account of chrooted environments and
 > > such...  I suppose a more "elegant" solution might be to jump to a
 > > function that just reads till it sees the end
 > 
 > Since elegance isn't one of the main attractions of the existing code, I
 > was thinking something more along the lines of the following. :-)
 
 [snip]
 
 Looks good to me...
 
 -- 
     (o_ 1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2 _o)
  \\\_\            Jonathan Chen              jon@spock.org           /_///
  <____) 2 is not equal to 3 -- not even for the largest value of 2. (____>
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
State-Changed-From-To: open->analyzed 
State-Changed-By: sheldonh 
State-Changed-When: Mon Mar 27 03:49:56 PST 2000 
State-Changed-Why:  
Committed in rev 1.14 of src/usr.bin/uudecode/uudecode.c. 
Left in this state as a reminder to MFC later., 
State-Changed-From-To: analyzed->closed 
State-Changed-By: nbm 
State-Changed-When: Sun Aug 6 10:21:09 PDT 2000 
State-Changed-Why:  
sheldonh MFC'd this in revision 1.13.2.1 of uudecode.c 

http://www.freebsd.org/cgi/query-pr.cgi?pr=17476 
>Unformatted:
