author: fanf <fanf@FreeBSD.org> 2003-03-18 14:19:26 +0000
committer: fanf <fanf@FreeBSD.org> 2003-03-18 14:19:26 +0000
commit: 4bb74a4762abe8739a60f45f9a32f41298f75f59 (patch)
tree: 86287e35266eb0e7dc27245eda4ac67ec0c211ae /usr.bin/uudecode
parent: ac2d1cc0c757097d6c3734d6d064e5d6a65df2b1 (diff)
The POSIXly-correct /dev/stdout handling added in rev 1.44 makes
careless users vulnerable to terminal control sequence attacks, since they expect uudecode to just drop (or overwrite) a file in the current directory. POSIX also says that the full pathname from the input should be used when writing a file, which we only do if the -s (shoot me in the foot) option is specified; therefore this revision means that you now need to use -s for standard /dev/stdout handling.
Diffstat (limited to 'usr.bin/uudecode')
-rw-r--r-- usr.bin/uudecode/uudecode.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/uudecode/uudecode.c b/usr.bin/uudecode/uudecode.c
index 88ef455..0c1e386 100644
--- a/usr.bin/uudecode/uudecode.c
+++ b/usr.bin/uudecode/uudecode.c
@@ -247,7 +247,7 @@ decode2(void)
}
q = memcpy(p - n, pw->pw_dir, n);
}
- } else if (strcmp(q, "/dev/stdout") != 0) {
+ } else {
/* strip down to leaf name */
p = strrchr(q, '/');
if (p != NULL)
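Review bot: the changed `} else {` line drops the `/dev/stdout` exemption without leaving any trace in the code of why, and the remaining comment "strip down to leaf name" does not tell a later reader that an input naming /dev/stdout is now deliberately reduced to a file called `stdout` in the current directory. I would extend that comment to say the special name is stripped on purpose, so that decoded bytes from untrusted input never reach the terminal unless the user opts in, which guards against someone restoring the `strcmp` for POSIX conformance. The commit message says -s is now required for standard /dev/stdout handling, but this diff touches only uudecode.c, so the manual page should be updated in the same change to document that behaviour.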