Path: utzoo!mnetor!uunet!husc6!mit-eddie!uw-beaver!fluke!battan
From: battan@tc.fluke.COM (Jim Battan)
Newsgroups: news.software.b
Subject: Re: Strange Core Dumps
Message-ID: <2479@fluke.COM>
Date: 14 Dec 87 17:57:26 GMT
References: <2122@crash.cts.com>
Sender: news@tc.fluke.COM
Lines: 57
Summary: a quick fix

In article <2122@crash.cts.com>, bblue@crash.cts.com (Bill Blue) writes about how rnews is leaving around articles and core dumps when processing certain articles having Message-ID's of the form:
> >Message-ID:

John Gilmore has the right idea. This is a problem with an sprintf overflowing due to not having enough memory and/or arguments. The % in the Message-ID is sent through sprintf when the article's forwarding to other sites gets recorded in the log file. Specifically, in broadcast() (ifuncs.c), "sentbuf" gets the Message-ID and a list of sites the article is sent to. This is then sprintf-ed through in log(), where it bombs. How articles then get sent to the other sites is mysterious, but I don't understand enough about the flow of the articles to be sure.

Below, please find a suitable context diff that can be sent thru patch(1L). I've mailed the diff to Rick Adams for inclusion in patch n. Since the articles get posted correctly even with this bug, you could wait for the official patch if you're the cautious type.

Another possible fix could have been to the call to log() in broadcast(), ala'
	log("%s", sentbuf);
but my fix will (hopefully) have the same effect. Note that I haven't yet found an incoming article to really test this on. And a general disclaimer: This works for me; your mileage may vary.

*** ifuncs.c.orig Mon Dec 14 09:10:41 1987 --- ifuncs.c Mon Dec 14 09:03:29 1987 *************** *** 113,119 **** xerror("Cannot reread article"); (void) fclose(fp); ! (void) strcpy(sentbuf, h.ident); (void) strcat(sentbuf, " sent to "); sentsys = index(sentbuf, '\0'); nsent = 0; --- 117,134 ---- xerror("Cannot reread article"); (void) fclose(fp); !
/* Double "%"'s in the header's ident, since log() would try to */ ! /* interpret them in sentbuf. Articles posted by some BITNET sites */ ! /* occasionally have these types of Message-IDs. */ ! /* e.g. */ ! hptr = h.ident; ! sptr = sentbuf; ! while (*hptr != '\0') { ! if (*hptr == '%') ! *sptr++ = '%'; ! *sptr++ = *hptr++; ! } ! *sptr = '\0'; (void) strcat(sentbuf, " sent to "); sentsys = index(sentbuf, '\0'); nsent = 0; -- Jim Battan Domain: battan@tc.fluke.COM Voice: +1 206 356 6469 UUCP: {uw-beaver,decvax!microsof,ucbvax!lbl-csam,allegra,sun}!fluke!battan
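
Review bot: the copy loop that replaces the strcpy (the while (*hptr != '\0') block) writes up to two bytes into sentbuf for every byte of h.ident and never checks how much room sentbuf has, so an ident made mostly of '%' characters needs twice the space the old strcpy did, before " sent to " and the site list are appended. Stop copying once sptr reaches the end of sentbuf less the room needed for the suffix, or size sentbuf for twice the longest ident. The escaping also protects only this one caller; the alternative named in the post, log("%s", sentbuf), keeps the Message-ID out of the format argument altogether and leaves sentbuf unmodified, which is the sturdier fix if the call can be changed. The declarations of hptr and sptr are not in this hunk and should be confirmed in the full patch.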
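
Both fixes discussed in the post, as an added example (not the B News source and not part of the patch). The names log_msg, escape_percent and log_escaped, the 128-byte buffer, the site name and the sample Message-ID are assumptions made for illustration; the escaping routine here is bounded, which the posted loop is not.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for log(): its first argument is a format string. */
static char logline[512];
static const char *log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(logline, sizeof logline, fmt, ap);
    va_end(ap);
    return logline;
}

/* Copy src to dst, doubling each '%'; -1 (dst truncated) if it will not fit. */
static int escape_percent(char *dst, size_t dstsize, const char *src)
{
    size_t n = 0;
    if (dstsize == 0) return -1;
    for (; *src != '\0'; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (n + need >= dstsize) {   /* reserve one byte for the NUL */
            dst[n] = '\0';
            return -1;
        }
        if (*src == '%') dst[n++] = '%';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return 0;
}

/* The patch's approach: escape, append the suffix, pass buffer as format. */
static const char *log_escaped(const char *ident)
{
    static const char suffix[] = " sent to siteA";  /* constructed site name */
    char sentbuf[128];
    if (escape_percent(sentbuf, sizeof sentbuf - sizeof suffix + 1, ident) != 0)
        return NULL;                 /* refuse rather than overflow */
    strcat(sentbuf, suffix);
    return log_msg(sentbuf);
}

int main(void)
{
    const char *id = "<1234@host%NODE.example>";  /* constructed sample */
    puts(log_escaped(id));                        /* patch's approach */
    puts(log_msg("%s sent to siteA", id));        /* alternative in the post */
    return 0;
}
```

Both calls log the same line; the second never lets the Message-ID reach the format argument, so it needs no escaping and no extra buffer space.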