localmaxartsize 0 bug in 2.4.2

Jeffrey T Eaton jeaton at cmu.edu
Thu Nov 17 21:05:37 UTC 2005


I discovered that if you set localmaxartsize to 0 (to accept unlimited
size messages), and try to post a message with a very long single line,
nnrpd incorrectly exits with "can't read: Invalid argument" and
"timeout in post". 

This happens because at around line 122 in nnrpd.c,
PERMaccessconf->localmaxartsize will be 0, so newsize will always be
reset to 0, and line->allocated will be 0 at line 140.

Then, at 164, line_doread() is called with a negative second argument,
because line->allocated - (where - line->start) will be negative.
(Probably -512, because the first line buffer is allocated to be
NNTP_STRLEN bytes).

I worked around it by setting localmaxartsize to be very large for
now, but this should be fixed, or nnrpd should report an error if
localmaxartsize is <= NNTP_STRLEN.

-jeaton

-- 
Jeffrey T. Eaton                    esp                      jeaton at cmu.edu
Research Systems Programmer                      Carnegie-Mellon University




More information about the inn-bugs mailing list