looks like a bug in a cnfsheadconf utility
ilya voronin
ivoronin at ivoronin.pp.ru
Sun Apr 11 12:39:40 UTC 2004
Environment: OpenBSD 3.4-STABLE, i386, INN 2.4.1, Perl 5.8.0
Description:
cnfsheadconf utility corrupts CNFS buffer v3 header.
How to repeat:
just try to change lena or freea fields of CNFS buffer header
with cnfsheadconf utility.
$ ./cnfsheadconf -c MAIN -w
Buffer MAIN, len: 1024.00 Mbytes, used: 113.46 Mbytes (11.1%) 0 cycles
Meta , order: 0, current: TRUE
Newest: 2004-04-11 13:25:47, 0 days, 2:38:02 ago
Buffer [MAIN] =>
Path [/usr/local/news/spool/main.cnfs] =>
Length [1073741824 (0000000040000000)] => 1073741823
Free [118971904 (0000000007175e00)] =>
Meta [] =>
Order [0000000000000000] =>
Currentbuff [TRUE] =>
$ ./cnfsstat -a
Class MAIN for groups matching "*"
read reached eof
$ ./cnfsheadconf -c MAIN -w
Buffer MAIN, len: 4398046507008.00 Mbytes, used: 113.46 Mbytes ( 0.0%) 0 cycles
> ^^^^^^^^^^^^^^^^
Meta , order: 0, current: TRUE
Newest: 2004-04-11 13:25:47, 0 days, 2:38:53 ago
Buffer [MAIN] => Path [/usr/local/news/spool/main.cnfs] => ^C
How to fix:
--- frontends/cnfsheadconf.in.orig Thu Jan 8 01:47:19 2004
+++ frontends/cnfsheadconf.in Sun Apr 11 16:16:35 2004
@@ -304,7 +304,7 @@
chop $in;
if ($in ne "") {
$in = bint2hex($in);
- $lena = sprintf("%0.17s\0", $in);
+ $lena = sprintf("%017s\0", $in);
}
print "Free [$free ($freea)] => ";
$in = <>;
@@ -311,7 +311,7 @@
chop $in;
if ($in ne "") {
$in = bint2hex($in);
- $freea = sprintf("%0.17s\0", $in);
+ $freea = sprintf("%017s\0", $in);
}
print "Meta [$metaname] => ";
$in = <>;
--
ilya voronin <ivoronin at ivoronin.pp.ru>
More information about the inn-bugs
mailing list