From dimaker@pluton.lipetsk.ru  Thu Sep 14 03:50:27 2000
Return-Path: <dimaker@pluton.lipetsk.ru>
Received: from postman.lipetsk.ru (postman.lipetsk.ru [195.34.224.68])
	by hub.freebsd.org (Postfix) with ESMTP id 0EE9A37B423
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 14 Sep 2000 03:50:27 -0700 (PDT)
Received: from pluton.lipetsk.ru ([195.34.224.84]:62725 "EHLO
        pluton.lipetsk.ru") by relay.lipetsk.ru with ESMTP
	id <S10875AbQINKuM>; Thu, 14 Sep 2000 14:50:12 +0400
Received: (from root@localhost)
	by pluton.lipetsk.ru (8.9.3/8.9.3) id OAA38146;
	Thu, 14 Sep 2000 14:49:30 +0400 (MSD)
	(envelope-from dimaker)
Message-Id: <200009141049.OAA38146@pluton.lipetsk.ru>
Date: Thu, 14 Sep 2000 14:49:30 +0400 (MSD)
From: rabbit@lipetsk.ru
Sender: dimaker@pluton.lipetsk.ru
Reply-To: rabbit@lipetsk.ru
To: FreeBSD-gnats-submit@freebsd.org
Subject: uux patch 
X-Send-Pr-Version: 3.2

>Number:         21260
>Category:       ports
>Synopsis:       buffer overrun in uux
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 14 04:00:01 PDT 2000
>Closed-Date:    Fri Apr 23 18:13:28 CEST 2004
>Last-Modified:  Fri Apr 23 18:13:28 CEST 2004
>Originator:     Alexey Antipov
>Release:        FreeBSD 4.1-RELEASE i386
>Organization:
JSC "Lipetskelektosvyas", Lipetsk, Russia
>Environment:
	System: FreeBSD 4.1-RELEASE i386

>Description:
	uux has buffer overrun and therefore incorrectly handling nodenames
8-characters length and probably all quad-multiple lengths.

>How-To-Repeat:
	Execute command:
	echo "test" | uux.orig - -r -gd access!foobar12!rnews
and you will see in the uucp spool a file with the incorrectly string :
	C uucp -C -W -d -g d D.X09IF foobar12(Hh!X.plutond09IF
	If you execute command:
	echo "test" | uux.orig - -r -gd access!foobar1!rnews
and you will see in the uucp spool a file with the right string :
	C uucp -C -W -d -g d D.X09IF foobar1!X.plutond09IF

>Fix:
	Just apply to uux.c the following patch:

--- uux.c.orig	Thu Sep 14 14:06:21 2000
+++ uux.c	Thu Sep 14 13:49:24 2000
@@ -532,7 +532,7 @@
       else
 	{
 	  clen = zexclam - zcmd;
-	  zforward = zbufalc (clen);
+	  zforward = zbufalc (clen+4);
 	  memcpy (zforward, zcmd, clen);
 	  zforward[clen] = '\0';
 	  zcmd = zexclam + 1;

--
SY


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dinoex 
Responsible-Changed-By: arved 
Responsible-Changed-When: Fri Apr 23 08:28:01 PDT 2004 
Responsible-Changed-Why:  
uucp is now in ports. Over to port-maintainer. 
It looks like this is already fixed in the port. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21260 
State-Changed-From-To: open->closed 
State-Changed-By: dinoex 
State-Changed-When: Fri Apr 23 18:12:09 CEST 2004 
State-Changed-Why:  
Verified that this problem was fixed updtream with update to 1.07 
date: 2003/06/14 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21260 
>Unformatted:
