Return-Path: owner-inn-workers-outgoing@vix.com Delivery-Date: Sun, 10 Aug 1997 22:27:52 -0400 Received: from math.psu.edu (leibniz.math.psu.edu [146.186.130.2]) by mail.cis.ohio-state.edu (8.6.7/8.6.4) with ESMTP id WAA11149 for ; Sun, 10 Aug 1997 22:27:41 -0400 Received: from gw.home.vix.com (gw.home.vix.com [192.5.5.1]) by math.psu.edu (8.8.5/8.7.3) with ESMTP id WAA05489 for ; Sun, 10 Aug 1997 22:27:49 -0400 (EDT) Received: (from daemon@localhost) by gw.home.vix.com (8.8.6/) id TAA02283 for inn-workers-outgoing; Sun, 10 Aug 1997 19:24:42 -0700 (PDT) env-from (owner-inn-workers) Received: from hammer.msfc.nasa.gov (HAMMER.MSFC.NASA.GOV [128.158.254.10]) by gw.home.vix.com (8.8.6/) via ESMTP id TAA02265; Sun, 10 Aug 1997 19:24:38 -0700 (PDT) env-from (jpc@hammer.msfc.nasa.gov) Received: (from jpc@localhost) by hammer.msfc.nasa.gov (8.8.7/8.8.7) id VAA12609; Sun, 10 Aug 1997 21:24:24 -0500 (CDT) Date: Sun, 10 Aug 1997 21:24:24 -0500 (CDT) From: "J. Porter Clark" Message-Id: <199708110224.VAA12609@hammer.msfc.nasa.gov> To: inn-bugs@isc.org, inn-workers@vix.com Subject: Fix for core dumps in INN-1.6b3 (innd/art.c) Sender: owner-inn-workers@vix.com Precedence: bulk Just posted. Been working for a few days with no core dumps. >Path: news.msfc.nasa.gov!not-for-mail >From: jpc@drum.msfc.nasa.gov (J. Porter Clark) >Newsgroups: news.software.nntp >Subject: Fix for core dumps in INN-1.6b3 (innd/art.c) >Date: 10 Aug 1997 21:21:56 -0500 >Organization: NASA/MSFC >Lines: 68 >Sender: jpc@hammer.msfc.nasa.gov >Message-ID: <5slt04$c65$1@hammer.msfc.nasa.gov> >NNTP-Posting-Host: hammer.msfc.nasa.gov >X-Trace: hammer.msfc.nasa.gov 871266117 12486 (None) 128.158.254.10 >X-Complaints-To: abuse@news.msfc.nasa.gov >Xref: news.msfc.nasa.gov news.software.nntp:35433 As Forrest Cavalier has noted here and elsewhere, there is a bug in INN 1.6b3's innd/art.c that may cause innd to dump core as the indirect result of receiving a control message without a Control header. The fix is below. Basically, it reverts to the 1.5.1 code, which turns out to have been correct and safe after all. Also included in the fix is a rearrangement of the order in which some of the newsfeeds tests occur. The idea is that it is quicker to count the number of hops ('H' flag) than it is to search for Path exclusions, so we do the hop count check first. This does actually seem to make a difference in my environment, and I can't see why it would hurt, ever. *** innd/art.c.orig Thu Jul 31 15:08:57 1997 --- innd/art.c Fri Aug 8 20:51:20 1997 *************** *** 1089,1104 **** if (*p == 'c' && EQn(p, "cmsg ", 5)) { for (p += 5; *p && ISWHITE(*p); ) p++; ! if (*p) { ! if (strlen(p) > ARTheaders[_control].Length) { ! ARTheaders[_control].Length = strlen(p) + 1; ! ARTheaders[_control].Value = ! RENEW(ARTheaders[_control].Value, ! char, ARTheaders[_control].Length); ! in = HDR(_control); ! } (void)strcpy(in, p); /* safe -of */ - } } } --- 1089,1096 ---- if (*p == 'c' && EQn(p, "cmsg ", 5)) { for (p += 5; *p && ISWHITE(*p); ) p++; ! if (*p) (void)strcpy(in, p); /* safe -of */ } } *************** *** 1765,1773 **** /* Too small for the site. */ continue; ! if ((!sp->IgnorePath && ListHas(hops, sp->Name)) ! || (sp->Hops && hopcount > sp->Hops) ! || (sp->Groupcount && Groupcount > sp->Groupcount)) /* Site already saw the article; path too long; or too much * cross-posting. */ continue; --- 1757,1765 ---- /* Too small for the site. */ continue; ! if ((sp->Hops && hopcount > sp->Hops) ! || (sp->Groupcount && Groupcount > sp->Groupcount) ! || (!sp->IgnorePath && ListHas(hops, sp->Name))) /* Site already saw the article; path too long; or too much * cross-posting. */ continue; -- J. Porter Clark jpc@drum.msfc.nasa.gov NASA/MSFC Flight Data Systems Branch