
		15) Uninitialized fields in UUCICO

From: teklabs!reed!duke!harpo!floyd!cmcl2!salkind
Date: Thu May 6 15:02:37 1982
Subject: Two more uucp bugs
Newsgroups: net.bugs.4bsd,net.bugs
References: cntrl.c


Two bugs I recently found in uucp.  There are up to six possible fields
that can be specified in the command file (the C. file).  For R (receive)
and X (remote uucp) commands, though, not all of the fields are set.
Unfortunately, some of the code assumes these fields are set.  What you
are left with are stray pointers that can cause a core dump.

Here are the fixes:


*** cntrl.c	Thu May  6 14:54:21 1982
--- cntrl.c.bak	Thu May  6 14:53:54 1982
***************
*** 124,129
  			goto process;
  		}
  		wrktype = W_TYPE[0];

  		DEBUG(4, "wrktype %c, ", wrktype);
  		if (wrktype == XUUCP) {

--- 123,129 -----
  			goto process;
  		}
  		wrktype = W_TYPE[0];
+ 		mailopt = index(W_OPTNS, 'm') != NULL;

  		DEBUG(4, "wrktype %c, ", wrktype);
  		if (wrktype == XUUCP) {
***************
*** 137,144
  			logent(rqstr, "REQUEST");
  			goto sendmsg;
  		}
- 		mailopt = index(W_OPTNS, 'm') != NULL;

  		ASSERT(i > 4, "ARG COUNT - %d\n", i);
  		sprintf(msg, " %s %s %s %s %s %s",

--- 137,142 -----
  			logent(rqstr, "REQUEST");
  			goto sendmsg;
  		}

  		ASSERT(i > 4, "ARG COUNT - %d\n", i);
  		sprintf(msg, " %s %s %s %s %s %s",
***************
*** 143,149
  		ASSERT(i > 4, "ARG COUNT - %d\n", i);
  		sprintf(msg, " %s %s %s %s %s %s",
  			W_FILE1, W_FILE2, W_USER,
! 			W_OPTNS, W_DFILE, i > 5 ? W_MODE : "");
  		strcpy(User, W_USER);
  		ASSERT(strlen(User) <= 10, "User - %s\n", User);
  		sprintf(rqstr, "%s %s %s %s", W_TYPE, W_FILE1,

--- 141,147 -----
  		ASSERT(i > 4, "ARG COUNT - %d\n", i);
  		sprintf(msg, " %s %s %s %s %s %s",
  			W_FILE1, W_FILE2, W_USER,
! 			W_OPTNS, W_DFILE, W_MODE);
  		strcpy(User, W_USER);
  		ASSERT(strlen(User) <= 10, "User - %s\n", User);
  		sprintf(rqstr, "%s %s %s %s", W_TYPE, W_FILE1,


						Lou Salkind
						cmcl2!salkind

