On Mon, Jul 19, 2010 at 04:16:24PM -0400, Martin B. Smith wrote:
> Hello all,
>
> I'm looking into a possible use of perdition here, but I'm seeing a
> problem when I transmit certain characters, like CTRL-C, to perdition
> configured for IMAP4.
>
> It looks like it crashes for both the 1.19 RC2 and 1.18 versions, and it
> appears the crash is actually inside libvanessa_logger.so.

Hi Martin,

thanks for pointing that out. I have applied the following patch
which I believe resolves the problem. Could you verify the change?

For reference, the development tree can be found at
http://hg.vergenet.net/vanessa/vanessa_logger/
# HG changeset patch
# User Simon Horman <horms(a)verge.net.au>
# Date 1279593889 -32400
# Node ID de5b1996e3e28f8742b1a1b3d41d5e59c470a94a
# Parent 88cf32b83128d83de93724593dc499a36575ca93
Don't overrun buffer in vanessa_logger_str_dump_oct()
To be safe cover this from two angles:
1) use snprintf to limit the number of bytes written
2) mask the value to limit its size
Reported-by: Martin B. Smith <smithmb(a)ufl.edu>
Signed-off-by: Simon Horman <horms(a)verge.net.au>
diff -r 88cf32b83128 -r de5b1996e3e2 libvanessa_logger/vanessa_logger.c
--- a/libvanessa_logger/vanessa_logger.c Tue Jun 08 14:00:44 2010 +0900
+++ b/libvanessa_logger/vanessa_logger.c Tue Jul 20 11:44:49 2010 +0900
@@ -1256,8 +1256,8 @@
if (isgraph(*in_pos) || *in_pos == ' ') {
*out_pos++ = *in_pos;
}
- else {
- sprintf(out_pos, "\\%03o", *in_pos);
+ else {
+ snprintf(out_pos, 5, "\\%03o", *in_pos & 0xff);
out_pos += 4;
}
}
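Review bot: the unchanged context line `if (isgraph(*in_pos) || *in_pos == ' ')` still passes the unmasked value to isgraph(), so if in_pos points at a plain char (which the new `& 0xff` mask suggests) a byte of 0x80 or above reaches isgraph() as a negative int, which is undefined behaviour; cast it, e.g. `isgraph((unsigned char)*in_pos)`. In the changed lines, the size 5 passed to snprintf() and the following `out_pos += 4` are coupled magic numbers; a named constant for the escape width (with 5 written as width + 1) would keep them in step, and the advance is only correct because the mask guarantees exactly three octal digits, which deserves a one-line comment.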
I have also applied the following clean-ups to the same function.
# HG changeset patch
# User Simon Horman <horms(a)verge.net.au>
# Date 1279593981 -32400
# Node ID f8b7dfbe861fe32362eb29cef59be39fe548f7f8
# Parent de5b1996e3e28f8742b1a1b3d41d5e59c470a94a
Remove duplicate handling of ' ' in __vanessa_logger_str_dump_oct()
Signed-off-by: Simon Horman <horms(a)verge.net.au>
diff -r de5b1996e3e2 -r f8b7dfbe861f libvanessa_logger/vanessa_logger.c
--- a/libvanessa_logger/vanessa_logger.c Tue Jul 20 11:44:49 2010 +0900
+++ b/libvanessa_logger/vanessa_logger.c Tue Jul 20 11:46:21 2010 +0900
@@ -1249,7 +1249,6 @@
case '"':
case '\'':
*out_pos++ = '\\';
- case ' ':
*out_pos++ = *in_pos;
continue;
}
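Review bot: with `case ' ':` gone, nothing in this hunk shows where a space is handled, so the claim of duplicate handling cannot be checked from the switch alone; add a short comment at the switch pointing to the later `isgraph(*in_pos) || *in_pos == ' '` test so a future edit to that test does not silently turn spaces into octal escapes. The remaining `case '"':` and `case '\'':` arms write two bytes per input byte (`*out_pos++ = '\\';` then `*out_pos++ = *in_pos;`), which is worth stating in the same comment for anyone reviewing the output buffer size.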
# HG changeset patch
# User Simon Horman <horms(a)verge.net.au>
# Date 1279594074 -32400
# Node ID bdb84170d77e1fefa34da9a5328b1d68967aef73
# Parent f8b7dfbe861fe32362eb29cef59be39fe548f7f8
Remove unnecessary call to realloc() in __vanessa_logger_str_dump_oct()
Typically after this function returns the buffer will be printed and
then freed. It's hard to justify the messiness of adding realloc() to
give back memory that will soon be freed anyway.
Signed-off-by: Simon Horman <horms(a)verge.net.au>
diff -r f8b7dfbe861f -r bdb84170d77e libvanessa_logger/vanessa_logger.c
--- a/libvanessa_logger/vanessa_logger.c Tue Jul 20 11:46:21 2010 +0900
+++ b/libvanessa_logger/vanessa_logger.c Tue Jul 20 11:47:54 2010 +0900
@@ -1263,16 +1263,6 @@
*out_pos++ = '\0';
- /* Srink buffer
- * Ew, realloc */
- out = realloc(out, out_pos - out);
- if (!out) {
- vanessa_logger_log(vl, LOG_DEBUG,
- "vanessa_logger_str_dump: realloc: %s",
- strerror(errno));
- return (NULL);
- }
-
return (out);
}
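Review bot: the removed `out = realloc(out, out_pos - out);` assigned the result straight back to out, so on failure the original buffer was leaked before `return (NULL);`; the commit message justifies the removal only as tidiness and should also record that it eliminates this leak and a failure path callers had to handle. The deleted log string named "vanessa_logger_str_dump" rather than the function in the commit title, so it is worth checking for other messages in this function with the same stale name, and whether strerror() and errno are still used here after the removal.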
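The two safeguards named in the first changeset (bounding the write and masking the value), as an added example that is not part of the original message or the vanessa_logger source. The function names and sample bytes are constructed for illustration, and the 12-character result assumes a 32-bit unsigned int.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length of "\\%03o" output for a byte held in a signed char once it has
 * been sign-extended (assumes 32-bit unsigned int). Measured only: with a
 * NULL buffer and size 0, snprintf writes nothing. */
static int escape_len_unmasked(signed char c)
{
	return snprintf(NULL, 0, "\\%03o", (unsigned int)c);
}

/* Same measurement with the patch's "& 0xff" mask applied first. */
static int escape_len_masked(signed char c)
{
	return snprintf(NULL, 0, "\\%03o", (unsigned int)(c & 0xff));
}

/* Hypothetical bounded escaper (not the library's function): printable
 * bytes are copied, all others become a 4-character octal escape.
 * Returns the output length, or -1 if out cannot hold the result. */
static int escape_oct(const char *in, size_t in_len, char *out, size_t out_size)
{
	size_t used = 0;
	if (out_size == 0)
		return -1;
	for (size_t i = 0; i < in_len; i++) {
		unsigned char b = (unsigned char)in[i];
		size_t need = (isgraph(b) || b == ' ') ? 1 : 4;
		if (used + need + 1 > out_size)	/* +1 keeps room for '\0' */
			return -1;
		if (need == 1)
			out[used] = (char)b;
		else
			snprintf(out + used, 5, "\\%03o", (unsigned int)b);
		used += need;
	}
	out[used] = '\0';
	return (int)used;
}

int main(void)
{
	const char sample[] = { 'a', 0x03, (char)0xff };	/* constructed input */
	char buf[16];
	printf("0xff unmasked: %d chars, masked: %d chars\n",
	       escape_len_unmasked(-1), escape_len_masked(-1));
	return escape_oct(sample, sizeof(sample), buf, sizeof(buf)) > 0 ? puts(buf) < 0 : 1;
}
```

A byte such as 0x03 fits the 4-character slot either way; only bytes with the top bit set expand when unmasked, which is why the fixed `out_pos += 4` advance is safe only together with the mask.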