The POSIXly-correct /dev/stdout handling added in rev 1.44 makes

careless users vulnerable to terminal control sequence attacks, since they expect uudecode to just drop (or overwrite) a file in the current directory. POSIX also says that the full pathname from the input should be used when writing a file, which we only do if the -s (shoot me in the foot) option is specified; therefore this revision means that you now need to use -s for standard /dev/stdout handling.
2003-03-18 14:19:26 +00:00 · 2003-03-18 14:19:26 +00:00 · 4bb74a4762
commit 4bb74a4762
parent ac2d1cc0c7
1 changed files with 1 additions and 1 deletions
--- a/usr.bin/uudecode/uudecode.c
+++ b/usr.bin/uudecode/uudecode.c
@ -247,7 +247,7 @@ decode2(void)
 			}
 			q = memcpy(p - n, pw->pw_dir, n);
 		}
-	} else if (strcmp(q, "/dev/stdout") != 0) {
+	} else {
 		/* strip down to leaf name */
 		p = strrchr(q, '/');
 		if (p != NULL)