wescott@sauron.UUCP (Mike Wescott) (08/31/86)
In article <1155@ncr-sd.UUCP> greg@ncr-sd.UUCP (Greg Noel) writes: > HDB also doesn't handle quoted strings very well, either. For example, > if you execute: > uux -</some/input/file remotesite!lp "'-options'" > (because the options may have whitespace in them), what actually gets run is: > lp ' -options ' <--- note the extra spaces inserted > > If somebody has a fix for this, I'd dearly love to hear from you....... Here it is as a patch; your line numbers may vary a little. This fixes the problem of extra spaces at the beginning and end of quoted strings. I don't think that I've opened up any security holes with this, but I'm not 100% certain because the gathering of the command line is tied up with the security checks. Other related problems still exist in uuxqt's handling of quoted arguments: 1. Whitespace gets shortened to a single space. 'a b<tab>c' => 'a b c' 2. Concatenated strings aren't 'aaaa''bbbb' => 'aaaa' 'bbbb' 'aaaa'bb => 'aaaa' bb However, I can't see any fix short of a complete rewrite of chkpart() which probably would open some new security loopholes. -Mike Wescott ncrcae!wescott *** uuxqt.c.orig Sat Aug 30 18:24:44 1986 --- uuxqt.c Sat Aug 30 21:07:54 1986 *************** *** 461,467 { char prm[BUFSIZ], xcmd[BUFSIZ]; char savechar[2]; /* one character string with NULL */ ! int ret; /* _CargType is the arg type for this iteration (cmd or file) */ while ((ptr = getprm(ptr, prm)) != NULL) { --- 461,467 ----- { char prm[BUFSIZ], xcmd[BUFSIZ]; char savechar[2]; /* one character string with NULL */ ! int ret, strx; /* _CargType is the arg type for this iteration (cmd or file) */ while ((ptr = getprm(ptr, prm)) != NULL) { *************** *** 494,500 /* must recurse */ savechar[0] = *prm; savechar[1] = NULLCHAR; ! APPCMD(savechar); /* put first char into command */ savechar[0] = prm[strlen(prm)-1]; prm[strlen(prm)-1] = NULLCHAR; /* delete last character */ --- 494,500 ----- /* must recurse */ savechar[0] = *prm; savechar[1] = NULLCHAR; ! APPCMDNS(savechar); /* put first char into command */ savechar[0] = prm[strlen(prm)-1]; prm[strlen(prm)-1] = NULLCHAR; /* delete last character */ *************** *** 502,507 if (ret = chkpart(prm+1)) { /* failed */ return(ret); } APPCMD(savechar); /* put last char into command */ continue; --- 502,511 ----- if (ret = chkpart(prm+1)) { /* failed */ return(ret); } + /* Delete a trailing space in the quoted string */ + strx = strlen(_Cmd) - 1; + if (_Cmd[strx] == ' ') + _Cmd[strx] = NULLCHAR; APPCMD(savechar); /* put last char into command */ continue; -- -Mike Wescott ncrcae!wescott