Bad access to IP address in memory

Julien ÉLIE julien at trigofacile.com
Sun Jun 22 14:10:47 UTC 2008


Hi,

> Indeed, I have just noticed in /var/log/news/http/inn_status.html
> (with a CURRENT INN) that:
>
> localhost
>    seconds: 756            duplicates: 0           ip address: 31d078$0$893$ba4acef3 at news.orange.fr> <48321a3

Again today:

localhost
    seconds: 843            duplicates: 0           ip address: žš,^H8^^/^Hews.lists.filters:202364


I have identified the guilty one:  this localhost connection comes from perl-nocem.
Its Address.ss_family is 0 and it uses a local connect channel.

lc.c states that only rnews uses it but it does not seem the case.
Aren't inews and pullnews also using local connect channels?
By the way, how can we decide to open a local channel instead of a remote channel
(if I "telnet localhost"?  "telnet ::1"?  "telnet my.server.com" directly on my.server.com?)



Well, the code is currently this one:

    if ((new = NCcreate(fd, false, true)) != NULL) {
        memset( &new->Address, 0, sizeof( new->Address ) );
        syslog(L_NOTICE, "%s connected %d", "localhost", new->fd);
        NCwritereply(new, (char *)NCgreeting);
    }


Shouldn't it put the IP of the peer here?  It is only filled with "0".
But how do we obtain the IP to put into new->Address?

And another worrying thing is that new->Address is updated very frequently
to weird strings.  Isn't there a problem elsewhere? (something writing into
new->Address without permission?  but how can it be found out?)

-- 
Julien ÉLIE

« Pas question de faire voler un tapis volé ! » (Astérix)



More information about the inn-workers mailing list