From 55d8d447bf7fc06852dd096935001cf5913af737 Mon Sep 17 00:00:00 2001
From: Tony Finch
Date: Tue, 18 Mar 2003 14:19:26 +0000
Subject: The POSIXly-correct /dev/stdout handling added in rev 1.44 makes careless users vulnerable to terminal control sequence attacks, since they expect uudecode to just drop (or overwrite) a file in the current directory. POSIX also says that the full pathname from the input should be used when writing a file, which we only do if the -s (shoot me in the foot) option is specified; therefore this revision means that you now need to use -s for standard /dev/stdout handling.
---
 usr.bin/uudecode/uudecode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr.bin/uudecode')
diff --git a/usr.bin/uudecode/uudecode.c b/usr.bin/uudecode/uudecode.c
index 88ef4551b2d7..0c1e3861500b 100644
--- a/usr.bin/uudecode/uudecode.c
+++ b/usr.bin/uudecode/uudecode.c
@@ -247,7 +247,7 @@ decode2(void)
 }
 q = memcpy(p - n, pw->pw_dir, n);
 }
- } else if (strcmp(q, "/dev/stdout") != 0) {
+ } else {
 /* strip down to leaf name */
 p = strrchr(q, '/');
 if (p != NULL)
-- cgit v1.2.3
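Review bot: The `} else {` branch now carries a security decision that the surviving comment `/* strip down to leaf name */` does not record: without -s, an encoded name of `/dev/stdout` is reduced to a file called `stdout` in the current directory, so decoded bytes from untrusted input are not written to the terminal. I would extend the comment to say so, e.g. `/* strip down to leaf name; /dev/stdout is deliberately not special-cased here, only -s gets the POSIX behaviour */`, so the `strcmp` is not restored later as a conformance fix. The diffstat shows only uudecode.c changing, so if the manual page or usage text describes /dev/stdout handling it presumably needs the matching update. decode2 starts and ends outside the hunk and the body of `if (p != NULL)` is not visible, so how an empty leaf (a name ending in `/`) is handled cannot be checked from here.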