bug in nnrpd + solution

Piotr Meyer aniou at smutek.pl
Wed Apr 12 18:26:36 UTC 2006


version: INN 2.4.2 and 2.4.3 
OS     : Debian GNU/Linux (alpha), kernel 2.6.x

Some times ago my users send some reports about "non-working
groups" on our newsserwer. I found strange (negative low and
 hi numbers) values in response for "group" command:

$ telnet news.supermedia.pl 119
Connected to news.supermedia.pl.
Escape character is '^]'.
200 news.supermedia.pl InterNetNews NNRP server INN 2.4.3 (20050407
prerelease) ready (posting ok).
group pl.soc.prawo
211 41595 -2147371226 -2147329206 pl.soc.prawo
205 .
Connection closed by foreign host.

active file contains valid numbers:

$ grep pl.soc.prawo active
active:pl.soc.prawo 2147638090 2147596070 y

After some test I found possible cause in "nnrpd/list.c":
procedure CMD_list_single uses '%d' instead of '%u' for
converting integers do decimals:

static bool
CMD_list_single(char *group)
    char *grplist[2] = { NULL, NULL };
    int lo, hi, flag;


    if (OVgroupstats(group, &lo, &hi, NULL, &flag) && flag != '=') {
        Reply("%d %s.\r\n", NNTP_LIST_FOLLOWS_VAL, INFOactive.Format);
        Printf("%s %010d %010d %c\r\n.\r\n", group, hi, lo, flag);
        return true;

And "man 3 printf" told me: 
d,i    The int argument is converted to signed decimal notation.

I think, better choice is "%u" (in to unsigned decimal):

        Printf("%s %010u %010u %c\r\n.\r\n", group, hi, lo, flag);

Best regards,
Piotr 'aniou' Meyer

More information about the inn-bugs mailing list