inn-STABLE dumping core
Sven Paulus
sven at karlsruhe.org
Tue Oct 5 20:22:07 UTC 1999
In article <19991005210141.A18143 at oops.inka.de> I wrote:
|> Just skipping a Bytes-Header in ARTparseheader() would be the right
|> solution, I guess, but I still don't know, why this hasn't happened always
|> before when an article containing a Bytes-Header arrived.
I think now I understand it: If an article gets written to the disk,
hp->Value (for hp == Bytes-header) points to != NULL (because in
ARTstore() a value is given to the pointer). After this, hp->Value is
non-zero and will stay non-zero.
But every time, an article containing a Bytes header arrives _before_ an
article is written to the disk, innd crashes, because hp->Value == NULL.
Usually, this is very rare, but if you reject _all_ articles, this might
happen sooner than you think.
This makes a nice possibility for a DoS between peers, you just have to be
quick after an innd restarts :-)
Sven
More information about the inn-bugs
mailing list