
INN 1.5.1sec2 Software Action Items


INN 1.5.1sec2 fixes string buffer overruns, but this type of defect is not the only one known in 1.5.1sec2.

Each item is tagged with a severity. See About Severity tags for Software Action Items
for a description.

See Also
Defect lists for INN versions 1.5.1 and later
For an overview comparison of 1.5.1, 1.5.1sec2, 1.5.2pre1, 1.6b3, and 1.5.1corr, see inn1.5.1corr/1.7



Critical: 1060 character Path header crashes innd.


Critical: Rare sequence of history file entries causes invalid history file entry.


Critical: INN hangs when processing ctlinnd addhist with massively crossposted articles
ctlinnd addhist is used by some "third-party" utilities, such as nocem.


Critical: Uses memcpy(). Argument could copy more bytes than necessary, possibly causing a segfault.


Critical: Make sure newsfeeds has exactly one ME entry. (innd needs this
to run correctly, or may crash when reloading various files.)


Critical: Handling of error return from ARTclean()


Critical: Added test to Write to history file only if Data.MessageID.


Critical: Code changed in 1.5.1sec2 to handle string buffers in a safer manner is defective
and causes crashes.


Critical: Code changed in 1.6 and 1.5.1sec2 to handle string buffers in a safer manner is unnecessary and is actually less safe: causes crashes.


Critical: INN corrupts the active file if ctlinnd rmgroup/ctlinnd newgroup is used when throttled.
See INN FAQ 6.3


Critical: INN internal buffer copy of backlogged channel fails, leading to crashes


Critical: INN can crash when processing ctlinnd feedinfo when a site is sleeping.


Critical: The CheckIncludedText() routines in frontends/inews.c and nnrpd/post.c
can walk past the end of the article buffer (sometimes resulting in a core
dump) when CHECK_INCLUDED_TEXT is DO


Defect: Responses to HEAD, BODY, and ARTICLE, when requesting by Message ID, don't comply with RFC 977


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing crosspost dependencies: (all)
Missing actsync dependency: include/mydir.h


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing makehistory dependencies inndcomm.h, mydir.h


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing clientactive.o dependencies: macros.h nntp.h
Missing clientlib.o dependency: paths.h
Extra clientlib.o dependency: macros.h
Missing getmodaddr.o dependency: nntp.h
Missing perl.o dependencies


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing perl.o dependency: post.h
Missing post.o dependency: post.h


Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing art.o dependency: art.h
Missing his.o dependency: dbz.h
Missing nc.o dependency: dbz.h
Missing perl.o dependency: art.h


Defect: make depend: rule does not include dbz.c


Defect: make depend: rule does not include decode.c encode.c getlist innconfval


Defect: make depend: rule does not include inndstart.c



Defect: expireover small memory leak when there are empty headers (very rare case)


Defect: Posting to moderated newsgroup through inews leaves temp file.


Defect: pstat() (for setproctitle) called incorrectly on HPUX systems.


Defect: inews imposes an undocumented limit on header lines (approximately 50) and inaccurately reports exceeding the limit.



Defect: nnrpd crashes with long lines in corrupt overview files


Defect: actsync -I does not work properly in many cases.
Reported to inn-bugs by pmb1@york.ac.uk, 6 Nov 1997.


Defect: .pl scripts fail when newsmaster e-mail address contains a '@'


Defect: A "hard-coded" path instead of ${UUSPOOL} is used for uucp.
Reported by Philippe Charnier <charnier@xp11.frmug.org> to inn-bugs 9 Nov 1997.


Defect: Incorrect sequencing of I/O channel operations, can cause failure to send output.



Defect: Compile time problem due to use of DO_USE_UNION_WAIT instead of !defined(DONT_USE_UNION_WAIT)


Defect: Casts to ensure long.


Defect: Code could try to MakeDir("")


Defect: Code to handle batch files of 0 length


Defect: Prevent the use of function call DDend() within DISPOSE(), in case your DISPOSE macro was something fancier than a single function call.


Defect: Prevent the use of function call DDend() within DISPOSE(), in case your DISPOSE macro was something fancier than a single function call.


Defect: Compile time. __NetBSD__ added to exclusions on conditional section



Defect: Some year 2038 fixes



Defect: Some year 2038 fixes


Defect: if a header is duplicated, the first one should be used to generate overview data.


Defect: Channel feeds (such as the one to overchan) sometimes backlog due to not being written often enough.


Defect: INN can't receive multiple XBATCH batches on the same connection.


Defect: backends/batcher.c can enter an infinite loop if a signal is received during a
read loop.


Defect: nnrpd does not check permissions when listing newsgroups with the XGTITLE command


Defect: nnrpd does not always check permissions when listing newsgroups with the LIST ACTIVE command


Defect: nnrpd does not check IP address when checking USER/PASS combinations.



Defect: Compile time. Compile conditional test is now DO_HAVE_SETBUFFER, instead of HAVE_SETBUFFER.


Defect: Compile time. Ownership of man pages is not set to news when make install is run as root. This can prevent later updates.


Defect: Clear IP_OPTIONS, including source routing on the socket.


Defect: initialization of the streaming flag in structure filled by reading hosts.nntp


Defect: year 2038 fix.


Defect: compile time. Inclusion of <unistd.h>, <errno.h>


Defect: compile time. Inclusion of <sys/resource.h> regardless of NOFILE_LIMIT


Defect: Compile-time, O/S dependent. Fixes ENOTSOCK and ENOTTY compile time tests after SetNonBlocking() fails.


Defect: Handling of case when header line starts with ': '. Not sure if this is a security issue.


Defect: Year 2000 fix.


Defect: smarter handling of creating symlinks when directory had not already existed...


Defect: optimization if client asks for !* as groups happened too late.


Defect: Logs reporting pgp errors when processing control messages were going to the wrong place. Reported to inn-bugs by Mike Brudenell <pmb1@york.ac.uk>, 6 Nov 1997.



Annoyance: Inefficient handling of creating symlinks when directory had not already existed...


Annoyance: fastrm.c: Formatting of error message if unlink fails in fastrm


Annoyance: Error handling after 10 attempts of actsync fail.
actsyncd.sh does not properly write an error message after 10 failed attempts (6 minutes apart) of actsync. Reported to inn-bugs by pmb1@york.ac.uk, 13 Nov 1997.


Annoyance: "Duplicate" message was not getting trailing newline.


Annoyance: actsync does not report group names correctly when ctlinnd fails.
(Can leave out a space.)


Annoyance: Cancelled articles causing "437 Duplicate article" log entries and history records


Annoyance: skip lines containing only spaces and tabs as comments.


Annoyance: Don't append the same path twice


Annoyance: History DB entries for Cancelled articles are tagged with inappropriate arrival date


Annoyance: printf needs %% to print a single %


Annoyance: No usage error when number of args was 3


Annoyance: Compile time. getrusage() is available but not declared in header files on Solaris < v2.6


Maintenance: ARTmakeoverview does not initialize the .Size member of a BUFFER. This is a benign bug: it could never cause invalid operation, but does violate BUFFER handling assumptions.


Maintenance: Removal of bogus width field to %ld printf argument. Not needed and doesn't do any good anyway.


Maintenance: Two changes to static declarations of functions...


Maintenance: Dummy function for fchmod() in buffchan should return 0.


Maintenance: Comment changes inserted when string buffer patches were done.
These changes can lead to incompatibility with third party patches. (Tagged in the Unified Sources as INN160CC)


Maintenance: String buffer handling changes which operate on internal data. The changes do not actually "fix" the problem; instead the data is truncated without warning or error, trading what is usually a detectable error due to overly long configuration settings for a truncation problem which can be much harder to find. (Tagged in the Unified Sources as INN160SL)


Maintenance: String buffer handling changes which were not necessary for correctness. These changes can lead to incompatibility with third party patches. These require snprintf(), and arguably make the code easier to maintain. (Tagged in the Unified Sources as INN160BS)



You can find a summary and links related to this topic
as part of the Mib Software Usenet RKT.