eric@whuxlb.UUCP (06/21/83)
A NASTY BUG IN UUCP
*** THE BUG ***
UUCP (as distributed with 5.0) has a nasty bug which
would cause mail to be dropped on the floor. The bug was not
repeatable on demand and was therefore hard to track down.
*** THE SYMPTOMS ***
In /usr/spool/uucp/LOGFILE, messages of the following
type would often appear during a uucp connection. However,
as noted above, the error did not occur during every mailing
attempt:
harpo!uucp (5/13-15:56:46) (Q,16250,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep )
harpo!uucp (5/13-15:56:48) (Q,16250,0) ret (400) from harpo!uucp (MAIL FAIL)
harpo!uucp (5/13-15:56:49) (Q,16250,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep )
harpo!uucp (5/13-15:56:49) (Q,16250,0) QCAUGHT (QSIGNAL 13)
harpo!uucp (5/13-15:57:20) (Q,16263,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep )
harpo!uucp (5/13-15:57:21) (Q,16263,0) ret (400) from harpo!uucp (MAIL FAIL)
harpo!uucp (5/13-15:57:22) (Q,16263,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep )
harpo!uucp (5/13-15:57:22) (Q,16263,0) QCAUGHT (QSIGNAL 13)
harpo!uucp (5/13-16:00:23) (Q,16358,0) uucp XQT (PATH=/bin:/usr/bin:/usr/lbin LOGNAME=uucp rmail pep )
*** THE PROBLEM ***
UUCP uses the shell (/bin/sh) to invoke rmail to
deliver mail. Before invoking the shell, UUCP changes the
enviroment so that the enviroment variable LOGNAME would be
set to the user sending mail, or to "uucp". The enviroment
list handed to execle(2) should be terminated by a NULL
pointer, which it was. However, the bug in UUCP caused
several enviroment pointers to be set to ZERO LENGTH strings
instead of NULL pointers. /bin/sh bombs out when it expects
a string or null pointer and instead is handed a zero length
string, and it died, which caused the MAIL FAIL message
above and the subsequent signal 13, as UUCP tried to write
down a pipe that didn't have a mail on the other end.
*** THE FIX ***
The fix is very simple. In /usr/src/cmd/uucp, edit the
file mailst.c. On or around the 49th line, three lines will
appear that look like this:
- 2 -
if(strncmp(envp[0], "LOGNAME", 7) == 0)
sprintf(un, "LOGNAME=%s",p);
envp[0] = &un[0];
The two statements following the 'if' need brackets around
them, so that the new code looks like this:
if(strncmp(envp[0], "LOGNAME", 7) == 0) {
sprintf(un, "LOGNAME=%s",p);
envp[0] = &un[0];
}
Now recompile UUCP with a "make -f uucp.mk", then install
the new programs with a "make -f uucp.mk save", which can be
backed out with a "make -f uucp.mk restore."
Eric Holtman
WH 1c-352, x4890
harpo!whuxlb!eric