Bad access to IP address in memory

Russ Allbery rra at stanford.edu
Sun Jun 22 23:55:46 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> I have identified the guilty one:  this localhost connection comes from
> perl-nocem.  Its Address.ss_family is 0 and it uses a local connect
> channel.
>
> lc.c states that only rnews uses it but that does not seem to be the case.
> Aren't inews and pullnews also using local connect channels?  By the
> way, how can we decide to open a local channel instead of a remote
> channel (if I "telnet localhost"?  "telnet ::1"?  "telnet my.server.com"
> directly on my.server.com?)

Local channels are UNIX domain sockets.  They don't use the network at
all, so the concept of an IP address is meaningless for them.  I wonder if
the reporting function is somehow misbehaving on the all-zero cp->Address,
although if so, something clearly wrote some garbage into it.

Currently, since LCreader calls NCcreate and doesn't have anywhere else to
store a flag, there's no way to tell that it's a local channel other than
the all-zero address.

CHANname has the following logic:

    case CTnntp:
        snprintf(cp->Name, sizeof(cp->Name), "%s:%d",
                 cp->Address.ss_family == 0 ? "localhost" : RChostname(cp),
                 cp->fd);
        break;

I wonder if something similar is needed in status, although the results
you see still don't look like printing out zeroed memory.

> And another worrying thing is that new->Address is updated very
> frequently to weird strings.  Isn't there a problem elsewhere?

Yes.

> (something writing into new->Address without permission?  but how can it
> be found out?)

valgrind, maybe....

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
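
The message above wonders whether the status report needs the same `ss_family == 0` test that CHANname has. The following is an added example, not INN code and not part of the original message, of a formatter that checks the address family before interpreting the bytes; `peer_label` is a hypothetical name and the sample address is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not INN code): render a channel's peer address for a
 * status report.  Returns buf, which always holds a NUL-terminated string. */
const char *
peer_label(const struct sockaddr_storage *ss, char *buf, size_t len)
{
    const void *addr = NULL;

    switch (ss->ss_family) {
    case 0:
        /* All-zero address: a local (UNIX domain socket) channel, which
         * has no IP address.  Same convention as the CHANname test. */
        snprintf(buf, len, "localhost");
        return buf;
    case AF_INET:
        addr = &((const struct sockaddr_in *) ss)->sin_addr;
        break;
    case AF_INET6:
        addr = &((const struct sockaddr_in6 *) ss)->sin6_addr;
        break;
    default:
        /* Unknown family: likely stray data in the struct.  Report the
         * raw value instead of interpreting the bytes as an address. */
        snprintf(buf, len, "unknown(af=%d)", (int) ss->ss_family);
        return buf;
    }
    if (inet_ntop(ss->ss_family, addr, buf, (socklen_t) len) == NULL)
        snprintf(buf, len, "invalid");
    return buf;
}

int
main(void)
{
    struct sockaddr_storage ss;
    char buf[INET6_ADDRSTRLEN];

    memset(&ss, 0, sizeof(ss)); /* constructed sample: local channel */
    puts(peer_label(&ss, buf, sizeof(buf)));
    return 0;
}
```

An `unknown(af=...)` label in a report would point at the kind of stray write discussed in the thread.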

