On Sun, Jan 03, 2016 at 06:32:09AM +0100, Theo Buehler wrote:
> uudecode and b64decode might need "getpw" if -s or -o is given. The
> reason is the getpwnam(3) call on uudecode.c:238 that is reached if
> 'sflag == 1' and the `remote file name' triggers `tilde expansion':
>
> $ cat boom
> begin 644 ~/boom
> %8F]O;0H`
> `
> end
> $ uudecode -s boom
> Abort trap (core dump)
> $ uudecode -o boom.out boom
> Abort trap (core dump)
>
> Note that 'oflag == 1' implies 'sflag == 1', so we need only test for
> the latter.
OK semarie@
> Index: uudecode.c
> ===================================================================
> RCS file: /var/cvs/src/usr.bin/uudecode/uudecode.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 uudecode.c
> --- uudecode.c 9 Oct 2015 01:37:09 -0000 1.22
> +++ uudecode.c 3 Jan 2016 05:16:13 -0000
> @@ -126,7 +126,10 @@ main(int argc, char *argv[])
> argc -= optind;
> argv += optind;
>
> - if (oflag || pflag == 0) {
> + if (sflag) {
> + if (pledge("stdio rpath wpath cpath getpw", NULL) == -1)
> + err(1, "pledge");
> + } else if (pflag == 0) {
> if (pledge("stdio rpath wpath cpath", NULL) == -1)
> err(1, "pledge");
> } else {
>
>
--
Sebastien Marie
