inn STABLE+DEVEL crashes due to bug in status.c
Heiko Schlichting
inn-bugs at FU-Berlin.DE
Mon Oct 4 02:14:20 UTC 1999
[Snapshot inn-1999-10-03_03-00]
[and also in STABLE branch (which is not stable with this bug)]
In status.c the array "status[]" is defined as
#define MAX_PEER 100
STATUS status[MAX_PEER];
but will be filled from 0 to 100 (not 99!). Therefore inn crashes immediately
if status was enabled and the compile-time "MAX_PEER" limit is reached. As
the stack gets trashed and the core dump was meaningless, it was difficult
to locate this problem.
Patch follows below, Heiko.
Heiko Schlichting | Freie Universitaet Berlin
heiko at FU-Berlin.DE | Zentraleinrichtung fuer Datenverarbeitung (ZEDAT)
Telefon +49 30 838-4327 | Fabeckstrasse 32
Telefax +49 30 838-6721 | D-14195 Berlin
---------------------------------------------------------------------------
--- innd/status.c.org Tue Sep 28 17:10:14 1999
+++ innd/status.c Mon Oct 4 03:46:18 1999
@@ -143,7 +143,7 @@
strcpy(TempString, cp->Address.s_addr == 0 ? "localhost" : RChostname(cp));
while ((j < peers) && (strcmp (TempString, status[j].name)))
j++;
- if (j > MAX_PEER) {
+ if (j >= MAX_PEER) {
syslog(L_NOTICE, "%s: too many peers for STATUSsummary()", TempString);
fprintf (F, "%s: too many peers for STATUSsummary()\n", TempString);
continue;
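Review bot: The corrected guard "if (j >= MAX_PEER)" runs only after the while loop has already read status[j].name for every j < peers, so it protects the array only as long as peers itself can never exceed MAX_PEER, and nothing in this hunk shows that invariant. Consider bounding the loop as well, for example "while ((j < peers) && (j < MAX_PEER) && ...)", or checking peers against MAX_PEER at the point where it is incremented. Separately, the unchanged strcpy(TempString, ...) on the first context line copies the RChostname(cp) result with no length limit; the size of TempString is not visible here, so it is worth confirming that it can hold the longest hostname or switching to a bounded copy.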