netbsd-bugs: bin/1756: lprm(1) lossage

Subject: bin/1756: lprm(1) lossage
To: None <gnats-bugs@gnats.netbsd.org>
From: None <thomas@cevis.uni-Bremen.de>
List: netbsd-bugs
Date: 11/12/1995 20:47:04
>Number:         1756
>Category:       bin
>Synopsis:       lprm(1) lossage
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 12 15:05:02 1995
>Last-Modified:
>Originator:     Thomas Eberhardt
>Organization:
CeVis, University of Bremen, Germany
>Release:        NetBSD-current 951112
>Environment:
	
System: NetBSD ed209 1.1_ALPHA NetBSD 1.1_ALPHA (ED209) #4: Thu Nov  9 18:11:32 MET 1995     thomas@ed209:/usr/src/sys/arch/i386/compile/ED209 i386

Machine: i386
>Description:
	lprm(1) doesn't remove all files from the spool directory.
	This is caused by lprm calling do_unlink again and again with
	the control file and not with the associated files as parameter.
	It looks like this was mixed up while merging in the seteuid
	changes. I've also found another thing that looks strange in
	displayq.c.
>How-To-Repeat:
	lpr <file>
	lprm
>Fix:
*** usr.sbin/lpr/common_source/rmjob.c-	Sat Oct 14 04:58:41 1995
--- usr.sbin/lpr/common_source/rmjob.c	Sun Nov 12 19:55:02 1995
***************
*** 210,216 ****
  	while (getline(cfp)) {
  		switch (line[0]) {
  		case 'U':  /* unlink associated files */
! 			do_unlink(file);
  		}
  	}
  	(void) fclose(cfp);
--- 210,216 ----
  	while (getline(cfp)) {
  		switch (line[0]) {
  		case 'U':  /* unlink associated files */
! 			do_unlink(line+1);
  		}
  	}
  	(void) fclose(cfp);
*** usr.sbin/lpr/common_source/displayq.c-	Sat Oct 14 04:58:33 1995
--- usr.sbin/lpr/common_source/displayq.c	Sun Nov 12 20:06:02 1995
***************
*** 165,177 ****
  				cp++;
  			*cp = '\0';
  			i = atoi(current);
! 			if (i <= 0) {
  				seteuid(euid);
  				ret = kill(i, 0);
  				seteuid(uid);
  			}
! 				ret = -1;
! 			if (ret < 0) {
  				/* read current file name */
  				cp = current;
  				while ((*cp = getc(fp)) != EOF && *cp != '\n')
--- 165,180 ----
  				cp++;
  			*cp = '\0';
  			i = atoi(current);
! 			if (i <= 0)
! 				ret = -1;
! 			else {
  				seteuid(euid);
  				ret = kill(i, 0);
  				seteuid(uid);
  			}
! 			if (ret < 0)
! 				warn();
! 			else {
  				/* read current file name */
  				cp = current;
  				while ((*cp = getc(fp)) != EOF && *cp != '\n')
>Audit-Trail:
>Unformatted: