[src/netbsd-1-4]: src/gnu/libexec/uucp/uuxqt Pull up revision 1.4 (requested ...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/abc9ac6dc23f
branches:  netbsd-1-4
changeset: 471314:abc9ac6dc23f
user:      he <he%NetBSD.org@localhost>
date:      Mon Jan 14 14:56:09 2002 +0000

description:
Pull up revision 1.4 (requested by itojun):
  Pay more attention to command line parsing of long options.
  Plugs security hole.  Fixes SA#2001-019.

diffstat:

 gnu/libexec/uucp/uuxqt/uuxqt.c |  40 +++++++++++++++++++++++++++++++++++++++-
 1 files changed, 39 insertions(+), 1 deletions(-)

diffs (57 lines):

diff -r 0550a0c477e6 -r abc9ac6dc23f gnu/libexec/uucp/uuxqt/uuxqt.c
--- a/gnu/libexec/uucp/uuxqt/uuxqt.c    Mon Jan 14 14:47:44 2002 +0000
+++ b/gnu/libexec/uucp/uuxqt/uuxqt.c    Mon Jan 14 14:56:09 2002 +0000
@@ -26,7 +26,7 @@
 #include "uucp.h"
 
 #if USE_RCS_ID
-const char uuxqt_rcsid[] = "$Id: uuxqt.c,v 1.3 1995/08/24 05:23:43 jtc Exp $";
+const char uuxqt_rcsid[] = "$Id: uuxqt.c,v 1.3.8.1 2002/01/14 14:56:09 he Exp $";
 #endif
 
 #include <errno.h>
@@ -928,6 +928,44 @@
         don't permit multiple arguments.  */
       for (i = 1; azQargs[i] != NULL; i++)
        {
+         if (azQargs[i][0] == '-' && azQargs[i][1] == '-')
+           {
+               char *zopts = azQargs[i] + 2;
+
+               /* The -g, -n, and -s options take an argument.  */
+               if (!strncmp(zopts, "grade", 5) && zopts[5] != '=')
+                 {
+                   if (azQargs[i+1] != NULL)
+                     ++i;
+                 }
+               if (!(strncmp(zopts, "notify", 6)
+               &&    strncmp(zopts, "status", 6)) && zopts[6] != '=')
+                 {
+                   if (azQargs[i+1] != NULL)
+                     ++i;
+                 }
+
+               /* The -I, -u and -x options are not permitted.  */
+               if (!strncmp(zopts, "config", 6))
+                 {
+                   if (zopts[6] != '=' && azQargs[i+1] != NULL)
+                     ++i;
+                   azQargs[i] = zbufcpy ("--nouucico");
+                 }
+               if (!strncmp(zopts, "user", 4))
+                 {
+                   if (zopts[4] != '=' && azQargs[i+1] != NULL)
+                     ++i;
+                   azQargs[i] = zbufcpy ("--nouucico");
+                 }
+               if (!strncmp(zopts, "debug", 5))
+                 {
+                   if (zopts[5] != '=' && azQargs[i+1] != NULL)
+                     ++i;
+                   azQargs[i] = zbufcpy ("--nouucico");
+                 }
+           }
+         else
          if (azQargs[i][0] == '-')
            {
              char *zopts;