* NNRPD bug in inn-2.4.0 (Repeatedly) *

Yury B.Razbegin yur at simtel.ru
Fri Jun 29 14:12:20 UTC 2001


    nnrpd crashes under FreeBSD 4.3. The cause is incorrect
initialization and destruction of variables, for example in
nnrpd/perm.c (line number 1200):

                        free_authgroup(curauth);
                    }
                    add_authgroup(curauth);

 The appropriate patch is attached to this mail.

-- 
 * Yury B.Razbegin * yur at simtel.ru *  +7 (-8422) -35-32-09  (Fax: -41-00-19) *


-- Attached file included as plaintext by Listar --
-- Desc: Patch for nnrpd/perm.c bugs fixing

--- nnrpd/perm.c.orig	Fri Jun 29 13:01:10 2001
+++ nnrpd/perm.c	Fri Jun 29 17:55:34 2001
@@ -1118,12 +1118,12 @@
 		    curgroup = NEW(GROUP, 1);
 		    memset(curgroup, 0, sizeof(GROUP));
 		    memset(ConfigBit, '\0', ConfigBitsize);
-                    SetDefaultAuth(curgroup->auth);
 		}
 		if (curgroup->auth == NULL) {
 		    curgroup->auth = NEW(AUTHGROUP, 1);
 		    memset(curgroup->auth, 0, sizeof(AUTHGROUP));
 		    memset(ConfigBit, '\0', ConfigBitsize);
+                    SetDefaultAuth(curgroup->auth);
 		}
 
 		authdecl_parse(curgroup->auth, cf->f, tok);
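Review bot: The moved `SetDefaultAuth(curgroup->auth);` call is indented with spaces while every neighbouring line uses tabs, and nothing records why it must sit in the second branch. In the old position it ran straight after `memset(curgroup, 0, sizeof(GROUP))`, so it was handed a NULL `auth` pointer. A one-line comment above the call would stop it being moved back, for example `/* defaults need an allocated AUTHGROUP; curgroup->auth is still NULL right after curgroup is zeroed */`. SetDefaultAuth itself is not visible here, so whether it ever tolerated NULL cannot be confirmed from the hunk, and the enclosing block starts outside it.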
@@ -1199,13 +1199,15 @@
 			   curauth->name == NULL ? "(NULL)" : curauth->name);
 			free_authgroup(curauth);
 		    }
+		    else
 		    add_authgroup(curauth);
-		} else if (curauth->name) {
+		} else {
+		    if (curauth->name)
 		    syslog(L_TRACE, "Auth strategy '%s' does not match client.  Removing.",
 			   curauth->name == NULL ? "(NULL)" : curauth->name);
 		    free_authgroup(curauth);
 		}
-
+                curauth = NULL;
 		goto again;
 	    }
 
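Review bot: The added `else` before `add_authgroup(curauth);` and the added `if (curauth->name)` before the `syslog(...)` call are both unbraced, and the statements they govern are not re-indented. That makes the unconditional `free_authgroup(curauth);` two lines later read as if it belonged to the `if`. This code decides whether a freed auth group is still linked in, so the control flow should be explicit: `else { add_authgroup(curauth); }` and `if (curauth->name) { syslog(...); }`. Under the new guard the `curauth->name == NULL ? "(NULL)" :` test in the syslog argument can no longer be true and could be dropped. The enclosing block starts outside the hunk, so whether `curauth` is reallocated before its next dereference after `curauth = NULL;` cannot be checked here.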
@@ -1215,10 +1217,11 @@
 	    if (tok->type == PERMrbrace) {
 		inwhat = 0;
 
-		if (curaccess->name) {
+		if (curaccess->name)
 		    add_accessgroup(curaccess);
-		}
-
+		else
+		    free_accessgroup(curaccess);
+		curaccess = NULL;
 		goto again;
 	    }
 
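Review bot: The new `if`/`else` around `add_accessgroup(curaccess);` and `free_accessgroup(curaccess);` carries no comment about ownership, although that is the point of the change. I would add above it `/* a named group is handed to add_accessgroup(); an unnamed one is freed here; reset so no stale pointer survives the goto */`. That add_accessgroup keeps the pointer is inferred from the call names, not shown in the hunk. Setting `curaccess = NULL;` also means a later `curaccess->name` that is not preceded by a fresh allocation will fault instead of reading freed memory. The code after `again:` is outside the hunk, so that allocation path should be confirmed.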
@@ -1561,14 +1564,15 @@
 		unsigned int mask;
 
 		*p = '\0';
-                if (inet_aton(ip, &ia) && inet_aton(pat, &net)) {
+		if ((inet_aton(ip, &ia) == 1) &&
+					(inet_aton(pat, &net)==1)) {
 		    if (strchr(p+1, '.') == (char *)NULL) {
 			mask = atoi(p+1);
 			for (bits = c = 0; c < mask && c < 32; c++)
 			    bits |= (1 << (31 - c));
 			mask = htonl(bits);
 		    } else {
-                        if (inet_aton(p+1, &tmp))
+			if (inet_aton(p+1, &tmp) == 1)
                             mask = tmp.s_addr;
                         else
                             continue;
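Review bot: The prefix-length branch still takes `mask = atoi(p+1);` unchecked, so the stricter `inet_aton(...) == 1` tests leave the weakest input in this hunk untouched. A non-numeric suffix yields 0 and therefore an all-zero mask, and a negative value converts to a large unsigned one that the loop caps at 32 bits. If the comparison after the hunk is the usual masked compare (it is not visible here), a mistyped prefix in the access file would silently match every client. `1 << (31 - c)` also shifts into the sign bit of an `int` when `c` is 0, which is undefined. I would parse the length with `strtoul`, reject anything that is not a full number in 0..32 with the same `continue` the dotted-mask branch uses, and shift `1U`. The declaration of `c` is outside the hunk, so its type against `plen` should be checked.

```c
		    if (strchr(p+1, '.') == (char *)NULL) {
			char *end;
			unsigned long plen = strtoul(p+1, &end, 10);

			/* reject empty, trailing junk, negative (wraps) and > 32 */
			if (end == p+1 || *end != '\0' || plen > 32)
			    continue;
			for (bits = c = 0; c < plen; c++)
			    bits |= (1U << (31 - c));
			mask = htonl(bits);
		    /* … unchanged: dotted-mask branch … */
```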



