[a.d.stribblehill at durham.ac.uk: Bug#176336: inn fails to post articles]
Russ Allbery
rra at stanford.edu
Sun Jan 19 21:22:37 UTC 2003
Marco d'Itri <md at Linux.IT> writes:
> This has been reported by a Debian user, INN version is STABLE 20020922.
> Has it already been fixed?
> --- inn2-2.3.3+20020922.orig/nnrpd/post.c
> +++ inn2-2.3.3+20020922/nnrpd/post.c
> @@ -812,9 +812,11 @@
> /* Write the headers and a blank line. */
> for (hp = Table; hp < ENDOF(Table); hp++)
> if (hp->Value) {
> - q = NEW(char, hp->Body - hp->Value + hp->Len + 1);
> - strncpy(q, hp->Value, hp->Body - hp->Value + hp->Len);
> - *(q + (int)(hp->Body - hp->Value) + hp->Len) = '\0';
> + /* fprintf(stderr, "hp->Body: %x %s\n", hp->Body, hp->Body);
> + fprintf(stderr, "hp->Value: %x %s\n", hp->Value, hp->Value);
> + fprintf(stderr, "hp->Len+1: %d", hp->Len + 1); */
> + q = NEW(char, strlen(hp->Value) + 1);
> + strcpy(q, hp->Value);
> if (*hp->Value == ' ' || *hp->Value == '\t')
> (void)fprintf(F, "%s:%s\n", hp->Name, hp->Value);
> else
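Review bot: The two added lines that size and fill q from strlen(hp->Value) change how many bytes are copied (the removed lines copied hp->Body - hp->Value + hp->Len bytes), but they do not address why hp->Body would point outside the string at hp->Value in the first place. If that invariant can break, I would rather see an explicit check that hp->Body lies within hp->Value's string, with the article rejected and the condition logged when it does not, so the underlying corruption is found rather than hidden. If hp->Len was meant to trim the value, the new copy no longer honours it. The commented-out fprintf block should be dropped before this is applied; it also prints pointers with %x, where %p with a (void *) cast is the correct form.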
This code is still functionally the same in CVS.
> The basic problem is that the length of two strings is compared with the
> assumption that the two 'char *' variables are pointing to the same
> string at different places. Actually, one was on the heap and the other
> on the stack IIRC.
If hp->Body and hp->Value aren't pointing to the same string, that's the
bug; something is very broken there. From the subsequent discussion, it
sounds like that may have been because of use of writable header support
in the Perl filter and a fixed bug there?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
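An added example, not part of the original message or of INN's code: one way to enforce the invariant discussed above before trusting the pointer arithmetic. The struct is a hypothetical stand-in that borrows only the field names Value, Body and Len from the quoted patch; the meaning given to Len is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the header entry; only the field names come
   from the quoted patch.  Assumed: Body points inside Value's string and
   Len counts the bytes of content starting at Body. */
struct header {
    const char *Value;
    const char *Body;
    size_t Len;
};

/* Return a fresh copy of Value through Body + Len, or NULL when Body is
   not inside Value's string or Len runs past its terminator.  Addresses
   are compared as integers because relational comparison of pointers
   into different objects is undefined in C. */
char *copy_header(const struct header *hp)
{
    uintptr_t v, b;
    size_t vlen, off;
    char *q;

    if (hp->Value == NULL || hp->Body == NULL)
        return NULL;
    v = (uintptr_t) hp->Value;
    b = (uintptr_t) hp->Body;
    vlen = strlen(hp->Value);
    if (b < v || b - v > vlen)
        return NULL;            /* Body belongs to some other buffer */
    off = (size_t) (b - v);
    if (hp->Len > vlen - off)
        return NULL;            /* Len would read past the terminator */
    q = malloc(off + hp->Len + 1);
    if (q == NULL)
        return NULL;
    memcpy(q, hp->Value, off + hp->Len);
    q[off + hp->Len] = '\0';
    return q;
}
```

A NULL return is the signal to log the header and refuse the article instead of computing a length from two unrelated pointers.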