X-Git-Url: https://git.subgeniuskitty.com/unix-history/.git/blobdiff_plain/8c8a5b54e79564c14fc7a2823a21a8f048449bcf..af359dea2e5ab3e937b62107ecd6a51d78189ed7:/usr/src/usr.bin/sccs/sccs.c

diff --git a/usr/src/usr.bin/sccs/sccs.c b/usr/src/usr.bin/sccs/sccs.c
index 1ab828536b..d244092c04 100644
--- a/usr/src/usr.bin/sccs/sccs.c
+++ b/usr/src/usr.bin/sccs/sccs.c
@@ -2,7 +2,33 @@
  * Copyright (c) 1980 Regents of the University of California.
  * All rights reserved.
  *
- * %sccs.include.redist.c%
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
  */
 
 #ifndef lint
@@ -12,7 +38,7 @@ char copyright[] =
 #endif /* not lint */
 
 #ifndef lint
-static char sccsid[] = "@(#)sccs.c	5.11 (Berkeley) %G%";
+static char sccsid[] = "@(#)sccs.c	5.11 (Berkeley) 3/4/91";
 #endif /* not lint */
 
 #include <sys/cdefs.h>
@@ -797,6 +823,7 @@ makefile(name)
 	char buf[3*FBUFSIZ];
 	extern char *malloc();
 	extern char *rindex();
+	extern bool safepath();
 	extern bool isdir();
 	register char *q;
 
@@ -807,23 +834,21 @@ makefile(name)
 		p++;
 
 	/*
-	**  See if the name can be used as-is.
+	**  Check to see that the path is "safe", i.e., that we
+	**  are not letting some nasty person use the setuid part
+	**  of this program to look at or munge some presumably
+	**  hidden files.
 	*/
 
-	if (SccsPath[0] != '/' || name[0] == '/' || strncmp(name, "./", 2) == 0)
-	{
-		if (strncmp(p, "s.", 2) == 0)
-			return (name);
-		if (isdir(name))
-			return (name);
-	}
+	if (SccsDir[0] == '/' && !safepath(name))
+		return (NULL);
 
 	/*
-	**  Create the actual pathname.
+	**  Create the base pathname.
 	*/
 
 	/* first the directory part */
-	if (name[0] != '/')
+	if (SccsDir[0] != '\0' && name[0] != '/' && strncmp(name, "./", 2) != 0)
 	{
 		gstrcpy(buf, SccsDir, sizeof(buf));
 		gstrcat(buf, "/", sizeof(buf));
@@ -832,9 +857,13 @@ makefile(name)
 		gstrcpy(buf, "", sizeof(buf));
 	
 	/* then the head of the pathname */
-	strncat(buf, name, p - name);
+	gstrncat(buf, name, p - name, sizeof(buf));
 	q = &buf[strlen(buf)];
-	strcpy(q, p);
+
+	/* now copy the final part of the name, in case useful */
+	gstrcpy(q, p, sizeof(buf));
+
+	/* so is it useful? */
 	if (strncmp(p, "s.", 2) != 0 && !isdir(buf))
 	{
 		/* sorry, no; copy the SCCS pathname & the "s." */
@@ -848,10 +877,22 @@ makefile(name)
 	/* if i haven't changed it, why did I do all this? */
 	if (strcmp(buf, name) == 0)
 		p = name;
+	else
+	{
+		/* but if I have, squirrel it away */
+		p = malloc(strlen(buf) + 1);
+		if (p == NULL)
+		{
+			perror("Sccs: no mem");
+			exit(EX_OSERR);
+		}
+		strcpy(p, buf);
+	}
 
-	return (stat(name, &stbuf) >= 0 && (stbuf.st_mode & S_IFMT) == S_IFDIR);
+	return (p);
 }
-/*
+
+/*
 **  ISDIR -- return true if the argument is a directory.
 **
 **	Parameters:
@@ -1300,32 +1341,8 @@ dodiff(getv, gfile)
 	auto int st;
 	extern int errno;
 	sig_t osig;
-	register char *p;
-	register char **ap;
-	bool makescript = FALSE;
 
-	for (ap = getv; *ap != NULL; ap++)
-	{
-		p = *ap;
-		if (p[0] == '-')
-		{
-			switch (p[1])
-			{
-			  case 'E':
-				p[1] = 'e';
-				makescript = TRUE;
-				break;
-			}
-		}
-	}
-
-	if (makescript)
-	{
-		printf("sccs edit %s\n", gfile);
-		printf("ed - %s << 'xxEOFxx'\n", gfile);
-	}
-	else
-		printf("\n------- %s -------\n", gfile);
+	printf("\n------- %s -------\n", gfile);
 	fflush(stdout);
 
 	/* create context for diff to run in */
@@ -1362,15 +1379,6 @@ dodiff(getv, gfile)
 		}
 		command(&getv[1], FALSE, "-diff:elsfhbC");
 	}
-
-	if (makescript)
-	{
-		printf("w\n");
-		printf("q\n");
-		printf("'xxEOFxx'\n");
-		printf("sccs delta %s\n", gfile);
-	}
-
 	return (rval);
 }