Looks like a bug in the cnfsheadconf utility

ilya voronin ivoronin at ivoronin.pp.ru
Sun Apr 11 12:39:40 UTC 2004


Environment: OpenBSD 3.4-STABLE, i386, INN 2.4.1, Perl 5.8.0

Description:
cnfsheadconf utility corrupts CNFS buffer v3 header.

How to repeat:
Just try to change the lena or freea fields of the CNFS buffer header
with the cnfsheadconf utility.

$ ./cnfsheadconf -c MAIN -w
 Buffer MAIN, len: 1024.00 Mbytes, used: 113.46 Mbytes (11.1%)   0 cycles
 Meta , order: 0, current: TRUE
 Newest: 2004-04-11 13:25:47,    0 days,  2:38:02 ago

Buffer [MAIN] => 
Path [/usr/local/news/spool/main.cnfs] => 
Length [1073741824 (0000000040000000)] => 1073741823
Free [118971904 (0000000007175e00)] => 
Meta [] => 
Order [0000000000000000] => 
Currentbuff [TRUE] =>

$ ./cnfsstat -a 
Class MAIN  for groups matching "*"
read reached eof
$ ./cnfsheadconf -c MAIN -w 
 Buffer MAIN, len: 4398046507008.00 Mbytes, used: 113.46 Mbytes ( 0.0%)   0 cycles
>                  ^^^^^^^^^^^^^^^^
 Meta , order: 0, current: TRUE
 Newest: 2004-04-11 13:25:47,    0 days,  2:38:53 ago

Buffer [MAIN] => Path [/usr/local/news/spool/main.cnfs] => ^C

How to fix:

--- frontends/cnfsheadconf.in.orig      Thu Jan  8 01:47:19 2004
+++ frontends/cnfsheadconf.in   Sun Apr 11 16:16:35 2004
@@ -304,7 +304,7 @@
         chop $in;
         if ($in ne "") {
             $in = bint2hex($in);
-            $lena = sprintf("%0.17s\0", $in);
+            $lena = sprintf("%017s\0", $in);
         }
        print "Free [$free ($freea)] => ";
        $in = <>;
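
Review bot: On the `$lena` line, `%017s` sets only a minimum width, so the upper bound that the old `.17` precision provided is gone; if `bint2hex($in)` returns more than 17 characters, the value written to the header grows past that width. Consider checking `length($in) <= 17` before the assignment, or keeping the precision alongside the padding as in `%017.17s`. The input also reaches `bint2hex` with no check that it is a non-negative integer, so a typo at the prompt is converted and stored as-is.
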
@@ -311,7 +311,7 @@
        chop $in;
        if ($in ne "") {
             $in = bint2hex($in);
-           $freea = sprintf("%0.17s\0", $in);
+           $freea = sprintf("%017s\0", $in);
        }
        print "Meta [$metaname] => ";
        $in = <>;
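
Review bot: The `chop $in;` in the context above the `$freea` change removes the last character unconditionally, so input that ends without a newline (for example EOF on stdin) loses its final digit before `bint2hex` runs; `chomp` would strip only a trailing newline. The `$freea` conversion is also a copy of the `$lena` one, so moving the `bint2hex` plus `sprintf("%017s\0", ...)` step into one small helper would keep the two fields from diverging again.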

-- 
ilya voronin <ivoronin at ivoronin.pp.ru>

