Strange INN-current crash.

Julien ÉLIE julien at trigofacile.com
Wed Apr 1 19:16:07 UTC 2009 

Hi Petr,

> Distribution:
> After "Distribution:" I put 3 space and press enter.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211054400 (LWP 29533)]
0x08071611 in MaxLength (p=0x0, q=0x0) at util.c:58
58          i = strlen(p);
(gdb) bt
#0  0x08071611 in MaxLength (p=0x0, q=0x0) at util.c:58
#1  0x08053a9a in ARTpost (cp=0xb6fb2d00) at art.c:2108
#2  0x080614f8 in NCreader (cp=0xb6fb2d00) at nc.c:227
#3  0x0805be4f in CHANreadloop () at chan.c:1021
#4  0x0805e806 in main (ac=Cannot access memory at address 0xffffffff
) at innd.c:718


That's what I get.  Here, I have p=q (whereas you had a different
thing).  Well, never mind.  There is a bug in INN and I now understand
why you kept saying the unwanted distribution was never logged!

      ARTparsedist(HDR(HDR__DISTRIBUTION), HDR_LEN(HDR__DISTRIBUTION),
        &data->Distribution);

      if (ME.Distributions &&
        !DISTwantany(ME.Distributions, data->Distribution.List)) {
        snprintf(cp->Error, sizeof(cp->Error),
                 "%d Unwanted distribution \"%s\"",
                 ihave ? NNTP_FAIL_IHAVE_REJECT : NNTP_FAIL_TAKETHIS_REJECT,
                 MaxLength(data->Distribution.List[0],
                           data->Distribution.List[0]));


(gdb) print data->Distribution
$14 = {Data = 0x832c990 "", DataLength = 2, List = 0x832ca90, ListLength = 64}
(gdb) print data->Distribution.List
$15 = (char **) 0x832ca90
(gdb) print *data->Distribution.List
$16 = 0x0

It is never assigned in ARTparsedist().

I would suggest:

Index: art.c
===================================================================
--- art.c       (révision 8389)
+++ art.c       (copie de travail)
@@ -2108,6 +2108,7 @@
        snprintf(cp->Error, sizeof(cp->Error),
                  "%d Unwanted distribution \"%s\"",
                  ihave ? NNTP_FAIL_IHAVE_REJECT : NNTP_FAIL_TAKETHIS_REJECT,
+                 data->Distribution.List == NULL ? "" :
                  MaxLength(data->Distribution.List[0],
                            data->Distribution.List[0]));
        ARTlog(data, ART_REJECT, cp->Error);



But I see that MaxLength() can segfault elsewhere in the code.
So I also suggest:


Index: util.c
===================================================================
--- util.c      (révision 8385)
+++ util.c      (copie de travail)
@@ -54,6 +54,11 @@
     static char buff[80];
     unsigned int i;

+    if (p == NULL || q == NULL) {
+        *buff = '\0';
+        return buff;
+    }
+
     /* Already short enough? */
     i = strlen(p);
     if (i < sizeof buff - 1) {




It now works fine:

Apr  1 21:15:03.889 - localhost <a1 at 19ldsfdodjfz> 439 Unwanted distribution ""


Could you please also try it?

Thanks,

-- 
Julien ÉLIE

« Oublie les injures, n'oublie jamais les bienfaits. »

More information about the inn-workers mailing list