Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!caip!clyde!cbatt!ncr-sd!matt
From: matt@ncr-sd.UUCP (Matt Costello)
Newsgroups: net.bugs.usg
Subject: bugs in /bin/mail
Message-ID: <1196@ncr-sd.UUCP>
Date: Thu, 9-Oct-86 21:06:41 EDT
Article-I.D.: ncr-sd.1196
Posted: Thu Oct 9 21:06:41 1986
Date-Received: Fri, 10-Oct-86 03:54:06 EDT
Reply-To: matt@ncr-sd.UUCP (Matt Costello)
Distribution: world
Organization: NCR Corporation, San Diego
Lines: 58

I've found two bugs in the mail program recently, and thought I'd
share them.

The first occurs when mail is being forwarded to another system.
Running mail with no arguments causes it to print the address your
mail is being forwarded to, but first it checks that the mail file
is readable by group mail. The check for readability is broken and
will complain unless the mode is exactly 0660. The offending lines are:

	if (!((stbuf.st_gid == MAILGRP) && ((stbuf.st_mode & 0777)== MFMODE))) {
		printf("Your mail cannot be forwarded.\n");
		printf("Check permissions and group id of mail file.\n");

A more appropriate check would be:

	if (!((stbuf.st_gid == MAILGRP) && ((stbuf.st_mode & 0440)== 0440))
	    && !(stbuf.st_mode & 0004) ) {

The second (and more serious) bug comes about because of the trouble
mail goes through to preserve null characters in mail. Since it cannot
use strlen to find the length of an input line it searches for the
terminating newline that terminates the fgets function. If the last
character of the mail input is not a newline, then the last line will
not have a newline to find. In this case one or more bogus characters
will be written out. The code fragments in question are:

	while (fgets(line, sizeof(line), f1) != NULL) {
		... some code omitted here ...
		n = strln(line);
		if (write(f2->_file,line,n) != n) {
			... some code omitted here ...
		}
	}

	/*
	 * strln - determine length of line (terminated by '\n')
	 */
	strln (s)
	char *s;
	{
		int i;

		for (i=0 ; i < LSIZE && s[i] != '\n' ; i++);
		return(i+1);
	}

The simple solution is to use fread rather than fgets since it does
return the number of bytes read.

Now for the questions. Why does mail go to so much trouble to preserve
nulls in a mail file? Mailx aborts if it detects a null and vi strips
nulls. Does anybody know why mail does not remove them? Does anyone
see any reason why stripping nulls would have a detrimental effect?

-- 
Matt Costello, matt@ncr-sd.SanDiego.NCR.com (not registered yet)
{sdcsvax,dcdwest,ihnp4}!ncr-sd!matt
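
The second bug described above, reproduced as an added example (not code from the original post or from /bin/mail): the fgets + strln copy picks up stale bytes left in the buffer by the previous line, while an fread copy returns exactly the input. LSIZE's value, copy_mail, the sample message and the clamp are assumptions made for the demo; strln follows the posted logic in ANSI C.

```c
#include <stdio.h>
#include <string.h>
#define LSIZE 64 /* assumed size; the post does not give mail's value */

/* Constructed input: a normal line, then a final line with an embedded NUL
 * and no trailing newline (20 bytes in total). */
static const char SAMPLE[] = "Subject: hello\nab\0cd";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Length logic as posted: scan for '\n', ignoring how much fgets read. */
static size_t strln(const char *s)
{
    size_t i = 0;
    while (i < LSIZE && s[i] != '\n') i++;
    return i + 1;
}

/* Hypothetical helper: copy data to out with fgets+strln (use_fread == 0)
 * or with fread (use_fread != 0); returns the number of bytes copied. */
size_t copy_mail(const char *data, size_t len, char *out, size_t outsz, int use_fread)
{
    char line[LSIZE] = {0};
    size_t n, total = 0;
    FILE *f = tmpfile(); /* stage the bytes in a temp file for stdio */
    if (f == NULL) return 0;
    fwrite(data, 1, len, f);
    rewind(f);
    for (;;) {
        if (use_fread) {
            n = fread(line, 1, sizeof(line), f); /* count comes from stdio */
            if (n == 0) break;
        } else {
            if (fgets(line, sizeof(line), f) == NULL) break;
            n = strln(line); /* last line: finds the previous line's '\n' */
            if (n > LSIZE) n = LSIZE; /* demo-only clamp: stay inside line[] */
        }
        if (total + n > outsz) break;
        memcpy(out + total, line, n);
        total += n;
    }
    fclose(f);
    return total;
}

int main(void)
{
    char out[128];
    printf("fgets+strln: %zu bytes, fread: %zu bytes\n",
           copy_mail(SAMPLE, SAMPLE_LEN, out, sizeof out, 0),
           copy_mail(SAMPLE, SAMPLE_LEN, out, sizeof out, 1));
    return 0;
}
```

The extra bytes in the fgets output are the tail of the "Subject:" line that fgets did not overwrite when it stored the shorter final line.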