Three more patches

Richard Kettlewell rjk at greenend.org.uk
Sun Jun 14 09:32:36 UTC 2015


On 14/06/2015 10:12, Julien ÉLIE wrote:
> Hi Richard,
>> strlcpy with overlapping source & destination has undefined behavior.
>> (INN's version of the function passes the source and destination to
>> memcpy, which also has undefined behavior when they overlap.)
>>
>> diff --git a/nnrpd/post.c b/nnrpd/post.c
>> index d6db59f..72515da 100644
>> --- a/nnrpd/post.c
>> +++ b/nnrpd/post.c
>> @@ -1206,7 +1206,7 @@ ARTpost(char *article, char *idbuff, bool *permanent)
>>  	return MailArticle(modgroup, article);
>>      }
>>
>> -    if (idbuff)
>> +    if (idbuff && HDR(HDR__MESSAGEID) != idbuff)
>>  	strlcpy(idbuff, HDR(HDR__MESSAGEID), SMBUF);
>>  
>>      if (PERMaccessconf->spoolfirst)
> 
> All right.
> Then, shouldn't we also fix the same issue a few lines before?

Oh, yes.

[...]
> Strange that the static tool analyzer did not report it.
> Maybe because it does not read all the code, depending on the preprocessor
> variables enabled?  (This code needs DO_PERL set.)
> Wouldn't it be possible to parameter the static tool analyzer to analyze
> several more paths of the code?

These issues were identified through dynamic analysis (valgrind).  My
test rig doesn't have very high coverage.

>> --- a/innfeed/host.c
>> +++ b/innfeed/host.c
>> @@ -2582,6 +2582,7 @@ void hostSetStatusFile (const char *filename)
>>    else if (*filename == '\0')
>>      die ("Can't set status file name with an empty string\n") ;
>>  
>> +  free(statusFile);
>>    if (*filename == '/')
>>      statusFile = xstrdup (filename) ;
>>    else {
> 
> The statusFile should normally be NULL at that time.
> Unless we are in the case of several status-file: lines in innfeed.conf?
> Is it the case that the patch fixes?

IIRC there's a new call to hostSetStatusFile() each time the config is
reloaded.  There's also one in shutDown(), which I think is the path
valgrind saw.

ttfn/rjk



More information about the inn-workers mailing list