Bad access to IP address in memory
Russ Allbery
rra at stanford.edu
Sun Jun 22 23:55:46 UTC 2008
Julien ÉLIE <julien at trigofacile.com> writes:
> I have identified the guilty one: this localhost connection comes from
> perl-nocem. Its Address.ss_family is 0 and it uses a local connect
> channel.
>
> lc.c states that only rnews uses it but it does not seem the case.
> Aren't inews and pullnews also using local connect channels? By the
> way, how can we decide to open a local channel instead of a remote
> channel (if I "telnet localhost"? "telnet ::1"? "telnet my.server.com"
> directly on my.server.com?)
Local channels are UNIX domain sockets. They don't use the network at
all, so the concept of an IP address is meaningless for them. I wonder if
the reporting function is somehow misbehaving on the all-zero cp->Address,
although if so, something clearly wrote some garbage into it.
Currently, since LCreader calls NCcreate and doesn't have anywhere else to
store a flag, there's no way to tell that it's a local channel other than
the all-zero address.
CHANname has the following logic:
case CTnntp:
snprintf(cp->Name, sizeof(cp->Name), "%s:%d",
cp->Address.ss_family == 0 ? "localhost" : RChostname(cp),
cp->fd);
break;
I wonder if something similar is needed in status, although the results
you see still don't look like printing out zeroed memory.
> And another worrying thing is that new->Address is updated very
> frequently to weird strings. Isn't there a problem elsewhere?
Yes.
> (something writing into new->Address without permission? but how can it
> be found out?)
valgrind, maybe....
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list