From tarsier.cv.nrao.edu!juphoff Mon Jul 31 00:30:39 1995
Return-Path: <tarsier.cv.nrao.edu!juphoff>
Received: by seneca (Smail3.1.29.1 #1)
	id m0scgsY-000MsvC; Mon, 31 Jul 95 00:30 MET DST
Received: from tarsier.cv.nrao.edu (tarsier.cv.nrao.edu [192.33.115.50]) by commy.ix.de (8.6.11/commy_003) with ESMTP 
          id TAA31268 for <seneca!hm@commy.ix.de>; Sun, 30 Jul 1995 19:48:14 +0200
Received: (from juphoff@localhost) by tarsier.cv.nrao.edu (8.6.12/8.6.9) id NAA04545; Sun, 30 Jul 1995 13:47:39 -0400
Date: Sun, 30 Jul 1995 13:47:39 -0400
Message-Id: <199507301747.NAA04545@tarsier.cv.nrao.edu>
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: seneca!hm@commy.ix.de
Cc: okir@monad.swb.de (Olaf Kirch)
Subject: Re: vacation vulnerability
In-Reply-To: Your message of Sat, July 29, 1995 23:22:03 +0200
References: <m0sbzSe-00005JC@monad.swb.de>
	<m0scJKe-000MnaC@seneca>
X-Zippy: When this load is DONE I think I'll wash it AGAIN..
X-Mailer: VM 5.87 (beta); GNU Emacs 19.29.1
X-Attribution: Up
Status: RO

OK, found the problem.  At the end of main():

  readheaders();
  if (!recent()) {
    setreply();
    (void) gdbm_close(db);
    sendmessage(pw->pw_name);
  }
  (void) gdbm_close(db);
  exit(0);
  /* NOTREACHED */
}

gdbm_close() gets called twice for non-recent messages (i.e. those
requiring a response).  The second call invariably SEGV's, at least on
my system (customized 1.3.6, under both libc 4.7.2 and 5.0.9).  Seems to
bring back memories of libc-4.5.8's hatred for closing the same file
twice that broke so many things...I don't code dbm stuff myself, except
from Perl, so I'm not familiar with any trickery, restrictions, etc. on
this sort of thing...  Does this SEGV on either of your systems?

The cleanest fix is probably to bracket the second call with an else {}
block (as in the patch below).

Here are the minor changes I've made that you may want to integrate:

diff -u --recursive 1.1-hm/vacation.c 1.1/vacation.c
--- 1.1-hm/vacation.c   Sat Jul 29 18:08:57 1995
+++ 1.1/vacation.c      Sun Jul 30 13:39:41 1995
@@ -184,8 +184,8 @@
     setreply();
     (void) gdbm_close(db);
     sendmessage(pw->pw_name);
-  }
-  (void) gdbm_close(db);
+  } else
+    (void) gdbm_close(db);
   exit(0);
   /* NOTREACHED */
 }
@@ -543,6 +543,7 @@
 void initialize (char *path, char *myname)
 {
   char *editor;
+  char ebuf[PATH_MAX];
   FILE *message;
   FILE *forward;
 
@@ -566,8 +567,9 @@
   fprintf (message, "Your mail concerning \"$SUBJECT\"\n");
   fprintf (message, "will be read when I'm back.\n");
   fclose (message);
-  execl (editor, editor, VMSG, NULL);
-  exit (0);                      /* NOT REACHED */
+  sprintf (ebuf, "%s %s", editor, VMSG);
+  system (ebuf);
+  exit (0);
 }


