cant store article: bogus Xref: header in INN 2.5 ?
Julien ÉLIE
julien at trigofacile.com
Fri Sep 2 17:27:15 UTC 2011
Hi Matija,
> I've replaced CrackXref() for Debian Squeeeze INN 2.5.2-2~squeeze1,
> but it broke horribly.
I am terribly sorry. It is also what I have discovered in my news
server this evening, coming back home.
> I do not know if it is related to this patch
Yes it is.
The problem is that I thought CrackXref() was given a pointer to a
string (the Xref: header field value). It appears that it is a pointer
inside the article, without boundaries after the end of the Xref: header
field. With skip_fws(), we reach the start of the body (as Xref: is
usually the last header).
> I backed up to Debian version until I can investigate more next week.
I have a new patch.
I will post it tomorrow, after having checked that everything is all
right. Sorry for having suggested you a broken patch yesterday.
I see that we have other parsing issues in the same file.
For instance again the Xref: header field, where tabs are not checked.
Neither are folding whitespace.
if (innconf->storeonxref) {
/* skip path element */
if ((xrefhdr = strchr(xrefhdr, ' ')) == NULL) {
art->groups = NULL;
art->groupslen = 0;
} else {
for (xrefhdr++; *xrefhdr == ' '; xrefhdr++);
art->groups = xrefhdr;
for (p = xrefhdr ; (*p != '\n') && (*p != '\r') ;
p++);
art->groupslen = p - xrefhdr;
}
}
and otherwise the Newsgroups: header field...
Implementing RFC 5536 will require a thorough check of many functions in
the source code.
--
Julien ÉLIE
« Corruptissima republica plurimae leges. »
More information about the inn-workers
mailing list