Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site sdccsu3.UUCP
Path: utzoo!linus!philabs!sdcsvax!sdccsu3!madden
From: madden@sdccsu3.UUCP
Newsgroups: net.news.b
Subject: Bug in 2.10.1 news
Message-ID: <955@sdccsu3.UUCP>
Date: Fri, 8-Jul-83 23:47:11 EDT
Article-I.D.: sdccsu3.955
Posted: Fri Jul  8 23:47:11 1983
Date-Received: Sat, 9-Jul-83 19:12:08 EDT
Organization: U.C. San Diego, Student System 3
Lines: 51

There is a rather serious bug in the control message handling of
news 2.10.1 (and probably other versions of bnews) which causes
it to take core dumps and leave lock files around when trying to
send control messages.  In xmitmsg of module control.c, a local
structure, h, is declared and used without being completely initialized.
Later, when this structure is passed on to other routines, garbage
pointers in h.unrec are likely to cause unpleasant memory faults,
and following damage.

The solution I've used is to set the appropriate pointers to NULL before
passing h on:

------- control.c -------
*** /tmp/d10606	Fri Jul  8 20:36:56 1983
--- control.c	Fri Jul  8 10:57:47 1983
***************
*** 453,458
  	struct srec srec;
  	FILE *tfp;
  	char *fname;
  
  	/* Make an article called ARTICLE */
  	sprintf(h.from, "%s@%s%s", "usenet", FULLSYSNAME, MYDOMAIN);

--- 453,459 -----
  	struct srec srec;
  	FILE *tfp;
  	char *fname;
+ 	register iu;
  
  	/* Make an article called ARTICLE */
  	sprintf(h.from, "%s@%s%s", "usenet", FULLSYSNAME, MYDOMAIN);
***************
*** 465,470
  	strcpy(h.expdate, "");
  	getident(&h);
  	dates(&h);
  	tfp = xfopen(fname = mktemp("/tmp/xmsgXXXXXX"), "w");
  	hwrite(&h, tfp);
  	fclose(tfp);

--- 466,474 -----
  	strcpy(h.expdate, "");
  	getident(&h);
  	dates(&h);
+ 	for (iu = 0; iu < NUNREC; iu++) {
+ 		h.unrec[iu] = NULL;
+ 	}
  	tfp = xfopen(fname = mktemp("/tmp/xmsgXXXXXX"), "w");
  	hwrite(&h, tfp);
  	fclose(tfp);